FIRST is calling for members of the incident response, security, and IT vendor communities to join forces and participate in a new Special Interest Group (SIG) on Vulnerability Coordination

The Vulnerability Coordination SIG has been established to improve the way in which the increasingly multi-faceted and multi-stakeholder challenge of vulnerability information coordination is met, and to develop a common and consistent methodology for how coordination becomes more effective.

Invites stakeholders to be involved in improving processes and forming a best practice approach to addressing vulnerabilities

25 March 2015The Forum of Incident Response and Security Teams (FIRST) is calling for members of the incident response, security, and IT vendor communities to join forces and participate in a new Special Interest Group (SIG) on Vulnerability Coordination. The new SIG will bring together a multi-stakeholder, cross-industry group with the aim of improving the way in which vulnerabilities are coordinated and related information is shared with stakeholders across like communities. In this way it hopes to develop a co-ordinated response to the threats that vulnerabilities pose at all functional levels of the community.

FIRST SIGs typically bring together a group of subject matter experts and other stakeholders to explore an area of interest or challenge area, with the goal of collaborating and sharing expertise and experiences to address common challenges. The Vulnerability Coordination SIG has been established to improve the way in which the increasingly multi-faceted and multi-stakeholder challenge of vulnerability information coordination is met, and to develop a common and consistent methodology for how coordination becomes more effective. The SIG's aim is to expand on current bi-lateral coordination efforts to include multiple stakeholders through the creation of a set of coordination principles. ICASI's experience in coordinating cross-industry security challenges makes it a great partner for FIRST in scoping, initiating, and leading the SIG efforts on these issues.

Brian Willis, one of the initial co-chairs of the SIG, said: "Events in 2014, not least the Heartbleed and Shellshock incidents, have once again highlighted the need for a more organized and repeatable approach to vulnerability coordination. We believe that the current state of the practice processes do not adequately enable the coordinated response required to effectively address the new complexities of vulnerability coordination."

Maarten Van Horenbeeck, President of the FIRST Board of Directors, added: "The group aims to build on existing work on the bi-lateral coordination of software vulnerabilities, acknowledging that the world can be more complex, and identifying the right mix of approaches to address this risk. We hope that the formation of this SIG will help us begin to address coordination issues and continue to foster a common way of working as a community interested in improving our collective responsiveness to software vulnerabilities."

Marie Steinmetz, President of ICASI, said: "Vulnerability coordination is a significant issue that affects the memberships of both ICASI and FIRST. The growing complexity of vulnerability coordination requires a multi-stakeholder model, bringing together the response community to define and agree on coordination principles and best practices. We believe this SIG can bring the various stakeholder communities together to improve vulnerability coordination globally. ICASI looks forward to playing an active part in this effort."

FIRST is seeking participants from key stakeholder communities, such as the open source community, vendors and CSIRTs to join our efforts in this SIG.

Interested participants should email first-sec@first.org


MEDIA CONTACTS:

Harry Saunders or Janine Maxwell Four Communications Tel: +44 (0)20 3697 4329 or +44 (0)20 3697 4351 Email: harry.saunders@fourcommunications.com or janine.maxwell@fourcommunications.com

About FIRST

Founded in 1990, FIRST consists of internet emergency response teams from more than 200 corporations, government bodies, universities and other institutions from the Americas, Asia, Europe, Africa and Oceania. It leads the world's fight-back against cyber-crime, sabotage and terrorism, and promotes cooperation among computer security incident response teams and law enforcement agencies. For more information, visit: http://www.first.org.

About ICASI

The Industry Consortium for Advancement of Security on the Internet (ICASI) enhances the global security landscape by driving excellence and innovation in security response practices, and by enabling its members to proactively collaborate to analyze, mitigate, and resolve multi-stakeholder, global security challenges. For more information, visit http://www.icasi.org.


Please download the full release at first-press-release-20150325.pdf.