The Vultron Coordinated Vulnerability Disclosure Protocol

Work in progress

We are currently working on the documentation of the Vultron CVD Protocol. This documentation is a work in progress and is not yet complete. Our focus so far is on

The Vultron Protocol is a research project to explore the creation of a federated, decentralized, and open source protocol for coordinated vulnerability disclosure (CVD). It has grown out of the CERT/CC's decades of experience in coordinating global response to software vulnerabilities. Our goal is to create a protocol that can be used by any organization to coordinate the disclosure of vulnerabilities in information processing systems (software, hardware, services, etc.), and to build a community of interoperability across independent organizations, processes, and policies that can work together to coordinate appropriate responses to vulnerabilities.

The Vultron Protocol is a collection of ideas, models, code, and work in progress, and is not yet ready for production use.

Current Version

The current version of the Vultron Protocol is 2024.4.2.dev1+g2dbd716.

How this documentation is organized

We are in the process of documenting the Vultron CVD Protocol as we work towards a prototype implementation. We are using the Diátaxis Framework to organize our documentation into four main categories, oriented around the different ways that people might need to learn about and use the Vultron Protocol.

Our current focus is on the Understanding Vultron section, which describes the protocol in detail.

  • Learning About Vultron


    The Learning Vultron section is intended to eventually include tutorials and other information about the Vultron Protocol that is oriented towards novice users and getting started with the protocol. However, because we are still in the early stages of the project, this section is just a placeholder for now.

    Learning Vultron

  • Understanding Vultron


    The Understanding Vultron section includes background information about Vultron, including the motivation for the project, the problem space that we are trying to address, and the design principles that we are using to guide our work. It also includes a detailed description of the Vultron Protocol, including the state machines and behavior logic that we use to model the behavior of the protocol.

    Understanding Vultron

  • Implementing Vultron


    The Implementing Vultron section currently focuses on guidance for potential implementers of Vultron. In the future, we plan to include how-to guides to help you use Vultron.

    Implementing Vultron

  • Reference


    The Reference section includes the formal Vultron Protocol specification, crosswalks between the protocol and other related standards and protocols, etc. In the future, we plan to include other reference information about Vultron, including code documentation.

    Reference

Background

The Vultron Protocol is a continuation of the CERT/CC's work on improving the coordination of vulnerability disclosure and response. Our previous work in this area includes:

along with a variety of related research, including

More recently, the CERT/CC has been working towards formalizing this knowledge into a protocol for CVD. Our recent work in this area includes: