VINCE: A Software Vulnerability Coordination Platform
Software Engineering Institute
Software vulnerability coordination at the CERT Coordination Center (CERT/CC) has traditionally relied on a hub-and-spoke model, with reports submitted to analysts at the CERT/CC analysts who would then work with contact affected vendors. To scale communications and increase the level of collaboration between vulnerability reporters, coordinators, and software vendors, the CERT/CC team has created a web-based platform for software vulnerability reporting and coordination called the Vulnerability Information and Coordination Environment (VINCE). In this podcast, Emily Sarneso, the architect of VINCE, and Art Manion, technical manager of the Vulnerability Analysis Team in the SEI CERT Division, discuss the rollout of VINCE, how to use it, and future work in vulnerability coordination.
About the Speaker
Art Manion is an SEI alumni employee.
Art Manion is a senior member of the Vulnerability Analysis team in the CERT Program at the Software Engineering Institute (SEI), Carnegie Mellon University. Since joining CERT in 2001, Manion has studied vulnerabilities, coordinated disclosure efforts, and published advisories, alerts, and vulnerability notes …Read more