Implementing Vultron
This page is not normative
This page is not considered a core part of the Vultron Protocol as proposed in the main documentation. Although within the page we might provide guidance in terms of SHOULD, MUST, etc., the content here is not normative.
Here we collect some guidance for potential implementations of Vultron.
While a complete protocol implementation specification remains a work in progress, we do have a few additional suggestions for potential implementers.
Prerequisites
The Implementing Vultron section assumes that you have:
- an interest in implementing the Vultron Protocol
- basic familiarity with the Vultron Protocol
- familiarity with the CVD process in general
If you are unfamiliar with the Vultron Protocol, we recommend that you start with Understanding Vultron. For technical reference, see Reference. If you're just trying to understand the CVD process, we recommend that you start with the CERT Guide to Coordinated Vulnerability Disclosure.
In this section, you will find:
- an abstract case object for use in tracking MPCVD cases
- Notes on the core Vultron Protocol subprocesses (RM, EM, and CS), including how the CS model might integrate with other processes
- An in-depth exploration of applying the ActivityPub protocol as an underlying foundation to the Vultron Protocol.
- A few thoughts on the Embargo Management Process and how it might be implemented using the
iCalendarprotocol. - General notes on future implementations.
Over time, we plan to expand this section of the documentation to include:
- Basic data model examples
- Behavior logic implementation examples
- Simulation examples
- Communication protocol implementation examples
- Other implementation notes as needed
The Vultron Protocol is an interoperability protocol
The protocol and data structures outlined in this documentation are intended to facilitate interoperability among individual organizations' workflow management systems. As such, they are focused on the exchange of information and data necessary for the MPCVD process to function and will not likely be sufficient to fully address any individual organization's vulnerability response process.