Skip to content

User Story 2022_107

As a Vendor, I want to convey the vulnerability status of my component(s), product(s), or service(s) to other Participants.

Notes

(as of v0.4.0) The protocol doesn't directly reflect a Vendor or product's vulnerability status. Instead, it reflects the Vendor's status with respect to the Report. We expect that each RM message type will be accompanied by content that indicates any reasons or necessary explanation for why a particular state change occurred. E.g., "RI: report is invalid because none of our products are affected." Or "RV: This report affects the following of our products..."

Metadata

Following is additional information compiled from our original design materials. We are including it here for future reference and traceability.

  • Potential future process or service: Product vulnerability status
  • Roles: Vendor
  • Phases: Validation and Prioritization, Analysis and Remediation
  • Categories:
  • File: story_2022_107.md
  • Original ID: 131.0
  • 2022 Whitepaper ID: nan
  • Support Level: (as of v0.4.0) Allowed