Current FIRST SIGs

CVSS SIG: Common Vulnerability Scoring System

For a global approach towards scoring metrics for vulnerabilities.

IEP SIG: Information Exchange Policy

The initial goals of this SIG are to collaboratively develop an extensible framework for defining information exchange policy and a set of standard definitions for most common aspects.

ICS SIG: Industrial Control Systems

Information Sharing SIG

The core mission is to support existing and new FIRST members to practice information sharing and acquire feedback from the members to improve the information sharing practices.

Vendor SIG: Internet Infrastructure Vendors

The goal of this SIG is to provide forum for Internet Infrastructure vendors.

Malware Analysis

This SIG will advocate and promote the sharing of malware analysis tools and techniques to enable CSIRTs to combat and analyze malicious code.

Metrics SIG

To improve CSIRT incident management practices within the FIRST community.

Passive DNS Exchange

Develops and maintains a standard for exchanging passive DNS information between organizations.

Red Team SIG

The Red Team SIG shall provide a forum for Red Team members or leaders in order to discuss state of the art Red Teaming technologies, processes and methodologies.

TLP SIG Traffic Light Protocol

The TLP SIG governs the standard definition of TLP for the benefit of the worldwide CSIRT community and its operational partners.

Vulnerability Coordination SIG

Develop and execute a strategy for improving vulnerability coordination globally.

Vulnerability Reporting and Data Exchange SIG

Primarily chartered to research and recommend ways to identify and exchange vulnerability information across disparate vulnerability databases.

Events at spotlight

FIRST is the global Forum for Incident Response and Security Teams

FIRST is the premier organization and recognized global leader in incident response. Membership in FIRST enables incident response teams to more effectively respond to security incidents reactive as well as proactive.

FIRST brings together a variety of computer security incident response teams from government, commercial, and educational organizations. FIRST aims to foster cooperation and coordination in incident prevention, to stimulate rapid reaction to incidents, and to promote information sharing among members and the community at large.

Apart from the trust network that FIRST forms in the global incident response community, FIRST also provides value added services. Some of these are:

Currently FIRST has more than 300 members, spread over Africa, the Americas, Asia, Europe and Oceania.

What's new

  • Thu, 11 Aug 2016
  • FIRST announces the Suguru Yamaguchi Fellowship Program (12:00 +0100)

    The Forum of Incident Response and Security Teams (FIRST) is announcing it is renaming its Fellowship Program to the “Suguru Yamaguchi Fellowship Program” in honor and in memory of the late Dr. Suguru Yamaguchi, a former member of the Board of Directors for FIRST, from 2011 through 2013.

  • Thu, 28 Jul 2016
  • 2016 Episode 9: AnubisNetworks Team Talks Asia-Pacific, Growth of Mobile (18:05 +0100)

    Join the interview in progress! The discussion dives into the very relevant issues that the AnubisNetworks team has been researching and fighting that have been arising out of the Asia-Pacific region. Chris chats with Joao Gouveia, CTO at AnubisNetworks and Nuno Vieira da Silva, Head of Sales at AnubisNetworks. AnubisNetworks has been a supporter and sponsor of the Annual FIRST Conference since 2015.

  • 2016 Episode 8: Sharing is Caring - Alex Sierra and Alex Pinto of Niddel (18:00 +0100)

    Join the interview in progress! Martin chats with Alex Sierra, CTO of Niddel and Alex Pinto, Chief Data Scientist at Niddel about their presentation, "Sharing is Caring: Understanding and Measuring Sharing Effectiveness." This presentation was delivered at the 28th Annual FIRST Conference in Seoul, South Korea, June 13, 2016.

  • Mon, 11 Jul 2016
  • FIRST calls for participants for a new Special Interest Group (SIG) on Malware Analysis (15:54 +0100)

    Forum invites stakeholders to get involved in sharing best practice to mitigate malware incidents.


What is FIRST to you?