TC November 2005

Introduction and welcome

Vendor SIG Meeting

Wednesday — November 16th, 2005 09:00

Click for Vendor SIG Meeting Program

Presenters

  • Damir Rajnovic (Cisco PSIRT — Cisco Systems Co., GB) GB

    Damir Rajnovic Damir is part of Cisco PSIRT (Product Security Incident Response Team). The only group in Cisco that publishes Cisco Security Advisories and we are the focal point for product security within Cisco. In the current role Damir’s responsibilities are to do whatever it takes to remove security vulnerabilities from all Cisco's products. Apart from the reactive work (responding to customer's incidents and managing vulnerabilities) Damir works on several proactive efforts to help building more secure products. These efforts are concentrated on educating developers to write more secure code and working with product designers during the design stage.

    Part of the daily job is to liaise and maintain relationship with relevant external organization. Some of the entities Damir is connect to are: law enforcement (National Hi-Tech Crime Unit, now Serious Organized Crime Agency), coordinating centres (CERT/CC, JPCERT, NISCC) and other appropriate entities (Internet Crime Forum, GCHQ).

    .Damir is actively involved in computer security arena since 1993. It started with Ministry of Foreign Affairs of Republic of Croatia, continued in Ministry of Science and Technology of Republic of Croatia, moved to EuroCERT to end in Cisco System’s PSIRT where he still is. EuroCERT was project with the aim to coordinate CERTs within European region. The project is no longer active. During that period he established CarnetCERT, was instrumental in creation of EuroCERT and constantly involved in CERT forums - both FIRST (internationally) and TF-CSIRT (European region). Non-security related work includes working on a Radio 101 as a sound engineer and a theatrical group.

    Among other FIRST-related activities, Damir is the main driver behind Vendor SIG – special interest groups under FIRST umbrella. The purpose of that forum is to facilitate dialog among product security groups from different vendors. Although the idea behind Vendor SIG existed for some time the forum started its life at the beginning of 2005 and already 23 vendors participate in it. More details at http://www.first.org/vendor-sig/