Skip to content

User Story 2022_105

As a Vendor, I want to address the same vulnerability in multiple products but on different timelines so that I can avoid delaying the delivery of a ready fix to a subset of my user base.

Notes

(as of v0.4.0) The vendor treating the case as multiple reports is doable within the current protocol. It makes the embargo negotiation a bit more complex, but we address that in the case split/merger discussion in the embargo chapter.

Metadata

Following is additional information compiled from our original design materials. We are including it here for future reference and traceability.

  • Potential future process or service: Case merge or split
  • Roles: Vendor
  • Phases: Reporting, Validation and Prioritization, Analysis and Remediation, Public Awareness, Deployment
  • Categories: Policy, Community
  • File: story_2022_105.md
  • Original ID: 129.0
  • 2022 Whitepaper ID: nan
  • Support Level: (as of v0.4.0) Allowed