Acknowledgements
This work builds upon the following prior works:
| Work | Authors | URL |
|---|---|---|
| The CERT Guide to Coordinated Vulnerability Disclosure | Allen D. Householder, Garret Wassermann, Art Manion, Christopher King | https://doi.org/10.1184/R1/12367340.v1 2019 Update: https://certcc.github.io/CERT-Guide-to-CVD |
| A State-Based Model for Multi-Party Coordinated Vulnerability Disclosure (MPCVD) | Allen D. Householder and Jonathan Spring | https://doi.org/10.1184/R1/16416771 |
| Are We Skillful or Just Lucky? Interpreting the Possible Histories of Vulnerability Disclosures | Allen D. Householder and Jonathan Spring | https://doi.org/10.1145/3477431 |
| Designing Vultron: A Protocol for Multi-Party Coordinated Vulnerability Disclosure (MPCVD) | Allen D. Householder | https://doi.org/10.1184/R1/19852798 |
| Coordinated Vulnerability Disclosure User Stories | Brad Runyon, Eric Hatleback, Allen D. Householder, Art Manion, Vijay S. Sarvepalli, Timur D. Snoke, Jonathan Spring, Laurie Tyzenhaus, Charles G. Yarbrough | https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=886543 |
This work is funded in part by DHS/CISA under Contract No. FA8702-15-D-0002 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center sponsored by the United States Department of Defense.
DM23-0698