Current FIRST SIGs

Botnet Mitigation and Remediation

To share experiences about botnet mitigation and remediation and to identify different approaches and best practices that can be implemented to address this problem.

CVSS SIG: Common Vulnerability Scoring System

For a global approach towards scoring metrics for vulnerabilities.

IEP SIG: Information Exchange Policy

The initial goals of this SIG are to collaboratively develop an extensible framework for defining information exchange policy and a set of standard definitions for most common aspects.

Vendors SIG: Internet Infrastructure Vendors

The goal of this SIG is to provide forum for Internet Infrastructure vendors.

Malware Analysis

This SIG will advocate and promote the sharing of malware analysis tools and techniques to enable CSIRTs to combat and analyze malicious code.

Metrics SIG

To improve CSIRT incident management practices within the FIRST community.

Network Monitoring SIG

To advocate and develop collection and analysis of network sensor.

Red Teaming SIG

Red Team exercises deliver end-to-end breach simulations that provide, as realistically as possible, security incidents that prepare those involved with dealing with actual breaches.

Traffic Light Protocol SIG

This SIG intends to produce initial drafts of a common, standardized set of definitions for all Traffic Light Protocol colors in English.

Vulnerability Coordination SIG

Develop and execute a strategy for improving vulnerability coordination globally.

Vulnerability Reporting and Data eXchange SIG

Primarily chartered to research and recommend ways to identify and exchange vulnerability information across disparate vulnerability databases.

Events at spotlight

FIRST is the global Forum for Incident Response and Security Teams

FIRST is the premier organization and recognized global leader in incident response. Membership in FIRST enables incident response teams to more effectively respond to security incidents reactive as well as proactive.

FIRST brings together a variety of computer security incident response teams from government, commercial, and educational organizations. FIRST aims to foster cooperation and coordination in incident prevention, to stimulate rapid reaction to incidents, and to promote information sharing among members and the community at large.

Apart from the trust network that FIRST forms in the global incident response community, FIRST also provides value added services. Some of these are:

access to up-to-date best practice documents
technical colloquia for security experts
hands-on classes
annual incident response conference
publications and webservices
special interest groups

Currently FIRST has more than 300 members, spread over Africa, the Americas, Asia, Europe and Oceania.

What's new

Mon, 21 Dec 2015
Extended Deadline for FIRST 2016 Call for Speakers - December 31st! (15:41 +0100)

28th Annual FIRST Conference: Getting to the Soul of Incident Response - June 12-17, 2016 | Seoul, Korea - Call for Papers Extended to 31 December!
The final report of the 2015 Best Practices Forum on CSIRT has been published (15:34 +0100)

The final report of the 2015 Best Practices Forum on CSIRT, organized within the Internet Governance Forum, has been published
Mon, 14 Dec 2015
FIRST has formed the Red Teaming SIG (12:10 +0100)

FIRST has formed the Red Teaming SIG. Interested participants who are part of an existing Red Team or in the process of forming one should send a request to be added to the mail list to first-sec@first.org