CERTCC / VINCE

VINCE is the Vulnerability Information and Coordination Environment developed and used by the CERT Coordination Center to improve coordinated vulnerability disclosure. VINCE is a Python-based web platform.
https://kb.cert.org/vince/

Feature request: Add federation approach #99

Open tschmidtb51 opened 1 year ago

tschmidtb51 commented 1 year ago

I have the vision that VINCE should be federated. This would help to transport/share information between different VINCE instances (of different countries) - especially in joined cases. (Just think about the coordination group in AMNESIA:33.) Moreover, it could limit the number of accounts a single user (vendor/researcher/...) needs to have to run the cases.

The default should be that the case is only available at the instance it was created on. (This also helps to limit the risk for each single instance as none has all cases and helps to fulfill gov requirements to store data in your own country.) However, other coordinators can be added, which basically (copies and) syncs the case with their VINCE instance.

Thoughts?

ahouseholder commented 1 year ago

We're looking into this within the context of our work on Vultron.

tschmidtb51 commented 1 year ago

I like the idea but I'm not sure whether this is currently sufficient for all use cases (see also in combination: https://github.com/CERTCC/VINCE/issues/98).