VRP: clarify PoC submission requirement

This commit is contained in:
anonimal 2017-12-02 00:32:57 +00:00
parent 93abfa7280
commit 611f2461a6
No known key found for this signature in database
GPG key ID: 66A76ECF914409F1

View file

@ -60,7 +60,7 @@ PGP key fingerprint = 1218 6272 CD48 E253 9E2D D29B 66A7 6ECF 9144 09F1
3. In no more than 3 working days, Response Team should gratefully respond to researcher using only encrypted, secure channels 3. In no more than 3 working days, Response Team should gratefully respond to researcher using only encrypted, secure channels
4. Response Manager makes inquiries to satisfy any needed information to confirm if submission is indeed a vulnerability 4. Response Manager makes inquiries to satisfy any needed information to confirm if submission is indeed a vulnerability
- a. If submission proves to be vulnerable, proceed to next step - a. If submission proves to be vulnerable with PoC code / exploit, proceed to next step
- b. If not vulnerable: - b. If not vulnerable:
- i. Response Manager responds with reasons why submission is not a vulnerability - i. Response Manager responds with reasons why submission is not a vulnerability
- ii. Response Manager moves discussion to a new or existing ticket on GitHub if necessary - ii. Response Manager moves discussion to a new or existing ticket on GitHub if necessary