2015-09-10 - Issues tested against latest version
2015-09-30 - HP replies, assigns SSRT102274
2015-11-24 - Ping vendor for update
2015-11-24 - HPE reports no movement, will ping Dev team again
2015-12-04 - HPE replies, still under investigation
2016-02-17 - Ping vendor for update
2016-02-19 - Vendor replies, will get status by Monday
2016-03-15 - Ping vendor for update
2016-03-22 - Vendor replies, waiting for update, PSRT110020 has been assigned
2016-04-14 - Ping vendor for update
2016-04-15 - Vendor replies, "R&D Team is still working on the remediation"
2016-05-16 - Ping vendor for update
2016-05-17 - Vendor replies "patch release in final steps and should be released in next few days"
2016-05-18 - Vendor says plan is to release fix by end of May.
2016-05-31 - Vendor releases fix and advisory
2016-06-10 - Ask vendor about CVE assignment uncertainty
2016-06-13 - Vendor ACKs mail, will look into it
2016-06-22 - Ask vendor for update about CVE assignment
2016-06-22 - Vendor says they had a meeting today, working on request
2016-07-05 - Vendor restates previous info.
2016-07-05 - Ask vendor for clarity, explain the question again
2016-07-14 - Vendor sends a list of CVE to PSRT/SSRT breakdown, still does not resolve question
2016-07-14 - Ask vendor for clarity, ask to be put in touch with who actually did the assignment
2016-07-15 - Vendor sends longer mail that does not address outstanding question
2016-07-15 - Tenable replies, explains the confusion very clearly, asks for the CVE assignments that appear to be missing
2016-07-18 - HPE says they assign "for any new vulnerabilities reported to us", will confirm and get back to us on this assignment.
2016-08-08 - Ping vendor for update on assignments.
2016-08-09 - HPE replies, still waiting for feedback from R&D.
2016-08-18 - Tenable reminds HPE that 'coordinated disclosure' is a two-way street, and HPE did not coordinate this release. Informs them that we will publish our advisory in the coming weeks since they already published theirs.
2016-08-20 - HPE says current plan is to release a new advisory for the two issues in question.
2016-08-26 - HPE says still working to finalize bulletin content.
2016-09-16 - HPE says Product Engineering team has approved content, will publish bulletin next week.
2016-09-20 - HPE releases HPSBGN03648 without coordinating our own advisory. Mentions one remote DoS, resulting in 4 CVEs and 3 issues.
2016-09-21 - Tenable figures out CVE assignments, which likely don't match HPE's.