Skip to content

User Story 2022_001

As a Finder I want to discover how to report a vulnerability so that I can notify the affected vendors and start CVD

Notes

(as of v0.4.0) Reporting is provided, but endpoint discovery is not

With an ActivityPub-based solution, this could be as simple as a vendor or CVD service provider listing their inbox as a public property of their profile. This would allow Finders to discover the endpoint.

Metadata

Following is additional information compiled from our original design materials. We are including it here for future reference and traceability.

  • Potential future process or service: CVD protocol endpoint discovery
  • Roles: Finder
  • Phases: Reporting
  • Categories: Policy, Community
  • File: story_2022_001.md
  • Original ID: 1.0
  • 2022 Whitepaper ID: CVD-API-037-1
  • Support Level: (as of v0.4.0) Allowed