Once logged in you are presented with an overview of any recently submitted vulnerability reports. New submissions and those that are deemed Critical or High in their risk factor are also presented in summary form here, to bring them to your attention.
You can view all of the submitted reports in the My Reports section. The listing provides a quick overview of the report, outlining the date it was submitted, risk level, report status, and the IoT device in question. Clicking on ‘View’ will take you into the detailed report view.
Once in a report you can see the full submission in detail. At the top of the screen you can set different fields relating to the report, such as the risk level, and the stage the report is in. Updating the risk level here to either Critical or High will make that report visible on the dashboard home page.
A submitted report goes through multiple stages before it is completed. These can be set by clicking on the ‘Update Stage’ dropdown arrow and selecting the appropriate stage. At each point along the lifecycle of the report, it is expected that you will make contact with the reporter to outline next steps, and provide updates or feedback. The date when the contact is expected to be made is shown next to the current stage. To help with identifying what comes next, the ‘Next Step’ will show the upcoming report stage.
Contacting the reporter
If at any point in the reporting process you need to contact the reporter (if they have agreed that you can do so), you can quickly send a message to them by clicking on the ‘+ Message’ button.
The reporter can also send messages to you. These will be displayed above the report summary outline.
This section shows all of the Vulnerability Disclosures that have been created. Clicking on ‘View’ for an existing disclosure will allow you to review and edit the disclosure as necessary.
To create a new disclosure click on ‘Create New Publish Disclosure’. This will take you through a step by step wizard process outlining the required fields for publishing a disclosure.
If you are creating a disclosure based on a report that was submitted through the Vulnerable Things platform, you can search for this in the first step, which will then populate some of the fields with answers from the report.
Disclosures are made public on the date specified when creating the disclosure. If you choose to ‘Publish Now’ the disclosure will be made public immediately after it has been completed and saved. Specifying a date for publish, will make the disclosure publicly available at 09:00 on the date entered.
We will then contact you and ask you to verify the additional security information that we have on file.
Please note, for the security of domain name owners, businesses, and website owners, we must make every effort to ensure that we are giving proper access to authorised individuals.