P00 / VulnerabilitySignal → ReportabilityDecision

EU CRA Reporting Readiness · Gate workflow

Decide reportability before the Case exists.

Move a VulnerabilitySignal through evidence-backed proof lanes, record reviewer endorsement, and only then unlock Case creation. The gate is a backend-enforced transition guard, not a UI panel.

Reportable pending
1 · VulnerabilitySignal: SIG-001 / CVE-2026-12345 / NetShield Edge
2 · ReportabilityDecision
3 · reviewer endorsement: No reviewer endorsement audit event yet.
4 · Case creation: Blocked until reportable + endorsed.

Supplier readiness journey

The active step is an operational gate, not a narrative milestone.

01 Signal Intake
02 Risk Qualification
03 Reportability Decision
04 Impact Scoping
05 Case & Data
06 Review
07 Submission
08 Evidence Trace
09 Readiness Dashboard

VulnerabilitySignal · SIG-001

Threat-intel intake: CVE-2026-12345, CVSS 9.1, received 2026-09-01 08:30Z.

critical

product_relevance

relevant

NetShield Edge sold across the EEA.

eea_relevance

relevant

FR / DE / IT / ES market scope.

confidence

high

2 evidence refs · 1 known gap.

Proof lanes

Open each drawer to inspect source references, reliability, and unresolved gaps.

L1

actively_exploited_vulnerability

Forum signal suggests exploitation, but the attached evidence is not reliable enough.

unknown

L2

severe_incident_security_impact

RCE weakens confidentiality and integrity. Evidence refs: TI-001, LAB-042.

met

L3

severe_incident_malicious_code

No product or user-network malicious-code execution evidence in current record.

not_met

decision_rule_trace

Changing the outcome rewires every downstream guard.

IF product_relevance = relevant · true
AND eea_relevance = relevant · true
AND L2 severe_incident_security_impact = met · true
THEN Reportable

Reviewer endorsement

Endorsement writes an audit event and unblocks Case creation (INV-2).

Case creation blocked: Only an endorsed reportable decision can create a formal Case.

Guard: reviewer_endorsement is required.

Audit events审计事件

Immutable. State transitions persist across pages.

immutable
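
An added example, not this product's own code: the decision_rule_trace and the Case-creation guard enforced on the server, with the endorsement check reading the audit trail rather than a UI flag. The class and function names, the `not_reportable` label and the `CASE-` identifier are assumptions, and the rule covers only the three conditions the trace shows.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

class GateBlocked(Exception):
    """Raised when the transition guard refuses Case creation."""

@dataclass
class Signal:
    signal_id: str
    product_relevance: str
    eea_relevance: str
    lanes: dict        # proof lane name -> "met" | "not_met" | "unknown"
    audit: tuple = ()  # audit events; only ever extended, never edited

def decide(sig):
    """Evaluate the three conditions of the decision_rule_trace; return (outcome, trace)."""
    trace = [
        ("product_relevance = relevant", sig.product_relevance == "relevant"),
        ("eea_relevance = relevant", sig.eea_relevance == "relevant"),
        ("L2 severe_incident_security_impact = met",
         sig.lanes.get("severe_incident_security_impact") == "met"),
    ]
    # "not_reportable" is a hypothetical label; the page only names Reportable.
    outcome = "reportable" if all(ok for _, ok in trace) else "not_reportable"
    return outcome, trace

def endorse(sig, reviewer):
    """Append a reviewer_endorsement audit event bound to the current outcome."""
    outcome, _ = decide(sig)
    event = ("reviewer_endorsement", sig.signal_id, reviewer, outcome,
             datetime.now(timezone.utc).isoformat())
    sig.audit = sig.audit + (event,)
    return event

def create_case(sig):
    """Server-side guard: re-evaluate the rule, then require a matching endorsement."""
    outcome, _ = decide(sig)
    if outcome != "reportable":
        raise GateBlocked("decision is not reportable")
    if not any(e[0] == "reviewer_endorsement" and e[3] == "reportable" for e in sig.audit):
        raise GateBlocked("reviewer_endorsement is required")
    return "CASE-" + sig.signal_id  # constructed Case identifier

def sample_signal():
    """SIG-001 with the relevance and lane values shown on the page."""
    return Signal("SIG-001", "relevant", "relevant", {
        "actively_exploited_vulnerability": "unknown",
        "severe_incident_security_impact": "met",
        "severe_incident_malicious_code": "not_met"})
```

Because `create_case` re-runs `decide` on every call, a lane that later drops from `met` blocks Case creation again even though an endorsement event is already on record.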