/cvd

Coordinated Vulnerability Disclosure


This CVD repository is an implementation of the CVD Guide guidance document. The CVD guidance document describes the phases of a CVD as Discovery, Reporting, Triage, Remediation, and Public Awareness, followed by Deployment. It also defines Roles that identify several stakeholders integral to the CVD process. Below is a quick overview of these phases in tabular form.

| Phases/Roles | Finder | Reporter | Vendor | Coordinator | Deployer |
| --- | --- | --- | --- | --- | --- |
| Discovery | Finds Vulnerabilities | - | - | - | - |
| Reporting | Prepares Report | Reports Vulnerabilities | Receives Reports | Receives Report, Assists Reporting | - |
| Triage | - | Validates and Prioritizes report for response | Prepares patches, Develops advisory | Validates reports receive and Priorit | - |
| Remediation | - | Confirms Fix | Prepares patches, Develops advisory | Coordinates multiparty response, Develops advisory | - |
| Public Awareness | Publishes report | Publishes report | Publishes report | Publishes report | Receives Report |
| Deployment | - | - | - | Monitors Deployment | Deploys fixes and/or mitigations |

This repository attempts to build a machine that follows the CVD process, providing both CVD data schemas and the related CVD processing engines that carry a case through these phases. The diagram below and the related table are ongoing work in this area to create a schema and a machine that will process the schema and advance CVD through its phases.

| Input | Processing-Engine | Output | Audience |
| --- | --- | --- | --- |
| Vendor_search | Discovery-Engine | Report_methods | Finder |
| Vul_report | Reporting-Service | Vul_report | Coordinator |
| Vul_report | Triage-Manager | Vul_coordinate | Finder,Coordinator,Vendor |
| Vul_coordinate | Remediation-Broker | Vul_remediate | Finder,Coordinator,Vendor |
| Vul_remediate | Publishing-Service | Vul_notice | All |
| Vul_notice | Deployment-Tracker | Vul_metrics | All |
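
The stage table above, walked as a pipeline. This is an added illustration, not code from this repository: the record shape, the function names (`advance`, `mayView`, `handoffs`, `newReport`), tracking position by stage index, and reading the Audience column as an access list are all assumptions.

```javascript
// Stage table copied from the README. Treating "Audience" as an access list and
// tracking position by stage index are assumptions of this sketch.
const STAGES = [
  ["Vendor_search", "Discovery-Engine", "Report_methods", ["Finder"]],
  ["Vul_report", "Reporting-Service", "Vul_report", ["Coordinator"]],
  ["Vul_report", "Triage-Manager", "Vul_coordinate", ["Finder", "Coordinator", "Vendor"]],
  ["Vul_coordinate", "Remediation-Broker", "Vul_remediate", ["Finder", "Coordinator", "Vendor"]],
  ["Vul_remediate", "Publishing-Service", "Vul_notice", ["All"]],
  ["Vul_notice", "Deployment-Tracker", "Vul_metrics", ["All"]],
].map(([input, engine, output, audience]) => ({ input, engine, output, audience }));

// Run the record through its next engine. Vul_report is the input of two
// engines, so the stage index (not the type) decides which engine is next.
function advance(record) {
  const stage = STAGES[record.stage];
  if (!stage) throw new Error("record has already passed Deployment-Tracker");
  if (record.type !== stage.input) {
    throw new Error(`${stage.engine} expects ${stage.input}, got ${record.type}`);
  }
  return {
    ...record,
    type: stage.output,
    stage: record.stage + 1,
    audience: stage.audience,
    history: [...record.history, stage.engine],
  };
}

// A role may read a record only if the engine that produced it lists that role
// (or "All"). Records no engine has emitted yet are readable by nobody.
function mayView(role, record) {
  const audience = record.audience || [];
  return audience.includes("All") || audience.includes(role);
}

// Hand-offs where one engine's output is not the next engine's input, i.e.
// where something outside the table has to supply the next record.
function handoffs() {
  return STAGES.slice(0, -1)
    .map((s, i) => ({ from: s.engine, emits: s.output, next: STAGES[i + 1].engine, needs: STAGES[i + 1].input }))
    .filter((h) => h.emits !== h.needs);
}

// Constructed sample: a report entering at Reporting-Service (stage index 1).
function newReport(data) {
  return { type: "Vul_report", stage: 1, data, history: [] };
}
```

Under these assumptions a record stays restricted to Finder, Coordinator and Vendor until Publishing-Service emits the `Vul_notice`, and `handoffs()` reports the one place where the table's chain is not closed: Discovery-Engine emits `Report_methods` while the next engine needs a `Vul_report`.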