VIR Vulnerability Intelligence Relay
For PSIRT & Security Teams

Your vendor presence on VIR, verified.

When practitioners ask about a CVE that affects YOUR product, your team should be the loudest voice in the room. VIR gives you a verified channel, mitigation authorship credit, and direct disclosure routing — for free.

Claim your domain → How verification works

Why claim your vendor presence

Four concrete reasons your PSIRT lead will care about.

Verified badge

Every post from your team gets a brand-coloured badge with hover-tooltip. Readers immediately distinguish official voice from random commentary.

Highest-trust mitigations

When your team publishes a workaround, it carries source_tier=vendor — the highest trust level downstream consumers act on.

Vendor channel

A dedicated subforum (#redhat, #microsoft, #ubuntu, …) for your team's threat-intel rollups and customer Q&A.

Direct disclosure routing

When a contributor files a disclosure naming your vendor, our routing layer auto-points them at YOUR PSIRT contact URL instead of MITRE Root.

How to claim a domain

One DNS TXT record. Verified within an hour by our worker.

Request a token

Visit vendor-onboard, type your domain, get a one-time token.

Add the TXT record

Publish _vir-verify.<domain> TXT "vir-verify=<token>" in your DNS.

Auto-verified

Worker polls every 5 min for 24h. Email when domain is verified.

You're org admin

Promote individual employees to "Security Team" tier (gold badge) from the org admin page.

Already running a CNA?

Microsoft MSRC, Red Hat Product Security, Oracle Security, Cisco PSIRT, Apple, NVIDIA, Google VRP, Canonical/Ubuntu Security, HashiCorp — we don't compete.

We route to you, not around you.

Our community's vulnerability disclosure flow checks the affected vendor on every submission. If you run your own CNA, contributors see a direct link to your PSIRT contact page — we never try to play CNA-of-record for vendors who already have one.

If you DON'T run a CNA and want to delegate to us as a CNA-LR (CNA of Last Resort), that's a separate conversation — contact cna@secfolk.com.

Contributor files disclosure ├─ Vendor = "redhat" └─ Routing decision: ✓ Red Hat runs their own CNA → Show: access.redhat.com/security/team (we never auto-mint a CVE for vendors with PSIRT)

Claim your vendor presence now

Free, takes 5 minutes of your DNS admin's time. Costs nothing per month — vendor verification is permanently free.

Start claim → Talk to partnerships