Demo mode — all vendors, users, mitigations and reactions shown are seeded for demonstration. Do not treat as real disclosures. Closed beta launching soon.

For Vendor Security Teams — VIR Community

Your verified channel to defenders.

Claim your domain. Verify your team. Publish official mitigations that customers actually see — alongside your CVE advisory in VIR's canonical catalogue.

Verified vendor profile

DNS-TXT + DKIM verification proves you own the domain. Your team gets a public org page at /org/yourdomain.com showing all your members and published mitigations.

Gold team badges

Promote individual employees to ✓ Security Team status. Their forum posts carry the gold badge — instant credibility when answering customer questions.

Official mitigation publishing

Bypass the community review pipeline. Your team's mitigations are tagged vendor-official and ranked above community-verified ones on every CVE page.

Direct customer dialogue

Customers asking about a CVE see your team's response highlighted. Build credibility at scale without running your own forum.

How it actually works

  1. Claim your domain

    Visit /vendor-onboard. Add a DNS TXT record. Our worker polls every 5 min for 24 h. Once matched, the domain is verified.

  2. Verify your team

    Employees sign up with their @yourdomain.com email. We auto-DKIM-verify and stamp them as Silver "Employee". You promote selected ones to Gold "✓ Security Team".

  3. Publish mitigations

    Your verified team writes mitigations. They land in VIR tagged vendor-official, attributed to your org, visible on every customer's CVE detail page.

  4. Engage on disclosures

    New disclosures affecting your products show up in your team inbox. Coordinate response without leaking embargo.

Why we're different

  • Vendor-verified — Red Hat / Ubuntu / Microsoft / Cisco / Oracle security engineers (recognised by DNS-TXT + DKIM). When you see a gold ✓ badge, that person actually works there.
  • Audit-chained — every moderation decision is Ed25519-signed and hash-linked. Nothing edits silently.
  • No algorithm, no ads, no tracking — chronological, two cookies (session + theme), no third-party JS.
  • Your work goes somewhere real — approved mitigations land in VIR's canonical CVE database, attributed to you, alongside vendor advisories.

Ready when you are

Magic-link sign-in. No password unless you want one. One session cookie. Built for vendor security teams.