Workflow overview
Reference · live · workflow:cve-response-coordination
CVE Response Coordination overview
Coordinates the organization's response to newly disclosed CVEs affecting its software stack -- monitoring advisory feeds (NVD, GitHub Security Advisories, vendor bulletins), triaging by CVSS score and exploitability, mapping affected CVEs to internal services via SBOM, prioritizing patching by blast radius, coordinating emergency patch deployments, communicating status to stakeholders, and tracking remediation to closure within SLA. Excludes long-term vulnerability management strategy.
Attributes
displayName: CVE Response Coordination
workflowKind: security
triggerType: event-driven
typicalCadence: per-cve
complexity: cross-team
Outgoing edges
applies_to_domain (2)
- domain:cybersecurity · Domain · Cybersecurity
- domain:security · Domain · Security
involves_role (4)
- role:security-reviewer · Role · Security Reviewer
- role:vulnerability-scanner · Role · Vulnerability Scanner
- role:platform-engineer · Role · Platform Engineer
- role:incident-commander · Role · Incident Commander
performed_by_org_unit (3)
- org-unit:security-team · OrgUnit · Security Team
- org-unit:application-security-team · OrgUnit · Application Security Team
- org-unit:engineering · OrgUnit · Engineering
requires_skill_area (2)
- skill-area:dependency-vulnerability-mgmt · SkillArea · Dependency Vulnerability Management
- skill-area:incident-response · SkillArea · Incident Response
triggers_responsibility (3)
- responsibility:run-security-scans · Responsibility · Run security scans
- responsibility:respond-incidents · Responsibility · Respond to production incidents
- responsibility:upgrade-dependencies-weekly · Responsibility · Upgrade dependencies weekly
Incoming edges
None.