From 611f2461a646c0ccf3b5699c2304970ab0064ff4 Mon Sep 17 00:00:00 2001
From: anonimal <anonimal@i2pmail.org>
Date: Sat, 2 Dec 2017 00:32:57 +0000
Subject: [PATCH] VRP: clarify PoC submission requirement

---
 VULNERABILITY_RESPONSE_PROCESS.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/VULNERABILITY_RESPONSE_PROCESS.md b/VULNERABILITY_RESPONSE_PROCESS.md
index 39e5e02..3d1106a 100644
--- a/VULNERABILITY_RESPONSE_PROCESS.md
+++ b/VULNERABILITY_RESPONSE_PROCESS.md
@@ -60,7 +60,7 @@ PGP key fingerprint = 1218 6272 CD48 E253 9E2D  D29B 66A7 6ECF 9144 09F1
 3. In no more than 3 working days, Response Team should gratefully respond to researcher using only encrypted, secure channels
 
 4. Response Manager makes inquiries to satisfy any needed information to confirm if submission is indeed a vulnerability
-    - a. If submission proves to be vulnerable, proceed to next step
+    - a. If submission proves to be vulnerable with PoC code / exploit, proceed to next step
     - b. If not vulnerable:
       - i. Response Manager responds with reasons why submission is not a vulnerability
       - ii. Response Manager moves discussion to a new or existing ticket on GitHub if necessary