Walk through a hypothetical coordinated-disclosure timeline against a fictional vendor. Produce the vendor-readable report draft the disclosure would actually use.
What you ship
- A structured disclosure timeline (discovery, vendor contact, acknowledgement, patch, public release).
- A two-to-three-page vendor-readable report draft for CVE-2025-65106 (treat the original LangChain disclosure as the fictional baseline).
- A short README pointing the reader at the timeline and report.
- A Toolchain Diary entry for the disclosure-timeline template.
Tools you use
- Your favourite Markdown editor.
- The cohort disclosure-timeline template from the archive.
- CERT/CC and MITRE CVE Program docs for reference.
Success criteria
- The timeline names realistic windows (vendor contact within 24 to 48 hours, acknowledgement within 5 to 14 days, etc.).
- The report uses coordinated-disclosure register, not bug-bounty register.
- The report would be acceptable to a real vendor's PSIRT inbox.
Time budget
Plan for two ninety-minute lab sessions plus two hours of independent build-out. Modules 4 and 6 commonly run over; budget one extra session for those.
Submission
Push to your student repo under adv-102/labs/lab-8/. Include source, a one-paragraph README, the output you observed, and where applicable a structured detector or trace file.