At the FIRST Vulnerability Coordination SIG 2025, some vendor PSIRT representatives discussed the need for multi-coordinator scenarios. With European NIS2 regulations and the need for some local coordinator involvement, vendors in Europe will benefit from US coordinators like CERT/CC or other multinational CERTs that they can use as well as local ones.
I could not find much information or examples of data/process flow diagrams that provided this publish/subscribe model to apply for multi-coordinator scenarios. It may be worth spelling this out and giving some diagrammatic examples of the intended flow of Vultron States between these stakeholders. A simple two-coordinator diagram will be sufficient to address this.
Information I found was at
https://certcc.github.io/Vultron/topics/process_models/rm/rm_interactions/?h=multi#vendor-engages-a-coordinator-for-mpcvd
Supply-chain oriented MPCVD often has two or more tiers of Vendors being notified by their upstream component suppliers, with or without one or more Coordinators' involvement.