Coordinated Vulnerability Disclosure User Stories
August 2022 • White Paper
Brad Runyon, Eric Hatleback, Allen D. Householder, Art Manion, Vijay S. Sarvepalli, Timur D. Snoke, Jonathan Spring, Laurie Tyzenhaus, Charles G. Yarbrough
This paper provides user stories to guide the development of a technical protocol and application programming interface for Coordinated Vulnerability Disclosure.
Software Engineering Institute
This white paper provides a set of user stories intended to guide the development of a technical protocol and application programmable interface (API) for Coordinated Vulnerability Disclosure (CVD). These user stories reflect internal discussions with the CERT/Coordination Center (CC) based on our own experiences in developing and using the VINCE platform as well as our ongoing CVD practices. The user stories are expected to be utilized by the CVD team to better understand, create, and implement a CVD Protocol. In addition, the CERT/CC believes that these user cases will be useful for any enterprise designing or implementing its own CVD policies, processes, and procedures.