US-CERT
From SCADApedia
The United States Computer Emergency Response Team (US-CERT) is a coordination center that publishes Vulnerability Notes and maintains a public database of these notes. US-CERT partners with CERT/CC at Carnegie Mellon for the processing of reported vulnerabilities and writing of Vulnerability Notes.
The distinction between CERT/CC and US-CERT is usually invisible. However, if an entity did not want the US Government to know about a vulnerability it could be reported to CERT/CC with this restriction and CERT/CC would not share the information. Conversely, if an entity only wanted the US Government to know about a vulnerability it could be reported solely to US-CERT, and they would honor that restriction.
When a vulnerability is reported US-CERT and their partners will coordinate the responsible disclosure with the researcher, vendor, asset owners and other affected parties. US-CERT balances the interests of the affected community in determining the issuance date and level of detail included in a Vulnerability Note. Control System Vulnerability Notes are typically not issued until there is a patch available and the vulnerability detail is minimal.
The SCADApedia maintains a list of Control System Vulnerability Notes along with more detailed descriptions of the vulnerability, how to detect the vulnerability, and how to remediate the vulnerability.
External Links
Report a control system vulnerability to US-CERT
