VINCE: A Software Vulnerability Coordination Platform

January 25, 2021 • Podcast

By

Emily Sarneso and Art Manion

Emily Sarneso, the architect of VINCE, and Art Manion, technical manager of the Vulnerability Analysis Team in the SEI CERT Division, discuss the rollout of VINCE, how to use it, and future work in vulnerability coordination.

Publisher

Software Engineering Institute

Subjects

Cybersecurity Security Vulnerabilities

Listen

Watch

Abstract

Software vulnerability coordination at the CERT Coordination Center (CERT/CC) has traditionally relied on a hub-and-spoke model, with reports submitted to analysts at the CERT/CC analysts who would then work with contact affected vendors. To scale communications and increase the level of collaboration between vulnerability reporters, coordinators, and software vendors, the CERT/CC team has created a web-based platform for software vulnerability reporting and coordination called the Vulnerability Information and Coordination Environment (VINCE). In this podcast, Emily Sarneso, the architect of VINCE, and Art Manion, technical manager of the Vulnerability Analysis Team in the SEI CERT Division, discuss the rollout of VINCE, how to use it, and future work in vulnerability coordination.

About the Speaker

Emily Sarneso

Emily Sarneso is an SEI alumni employee.

Art Manion

Art Manion is an SEI alumni employee.

Art Manion is a senior member of the Vulnerability Analysis team in the CERT Program at the Software Engineering Institute (SEI), Carnegie Mellon University. Since joining CERT in 2001, Manion has studied vulnerabilities, coordinated disclosure efforts, and published advisories, alerts, and vulnerability notes …

Software Engineering Institute