FIRST Uniform IPR Policy and FAQ

The FIRST Uniform IPR can be found at https://www.first.org/about/policies/uniform-ipr and can be downloaded as a PDF below.

What is the purpose of the IPR?

The FIRST IPR Policy is to ensure uniformity amongst members and contributors in all SIG Efforts. The IPR is to ensure that all submissions are not patented, that all work product or similar information for use within the SIG is freely provided to FIRST and is not owned by any entity or individual. It is the intent of FIRST to provide globally use freely. All contributions to FIRST SIG efforts are made without reservation by the individual and/or their organization.

Who needs to sign the IPR?

This is the Policy for all SIGs developing materials for publishing or creating a work product. It is an organizational IPR, meaning that the participant's organization not only reviews and agrees to the IPR. Thus each organization must have an appropriate level review in their organization, the IPR is signed by an authorized person for the organization sign it (usually involves their internal legal review). The organization must sign the IPR for each SIG it participates in. The format is standard, so a legal team would only have to review once, but each individual IPR must list the name of the SIG the organization's employees will participate in. Each individual contributor to a SIG must be aware of the IPR and its contents and contribute ideas / materials. IPRs are signed prior to an individual is contributing (but they may listen in until signed).

FIRST allows for open SIG's meaning anyone can apply and join the SIG – including members and non-members of FIRST. The SIG Co-Chairs maintain a list or contributors and those auditing the meeting. All SIG operate under the guidance of the SIG Board Liaison. All SIGs are Chartered annually by the FIRST Board of Directors. The IPR is currently in use for CVSS SIG, the Vulnerability Coordination SIG and Information Exchange Policy SIG.

Can we propose changes / amend the FIRST IPR?

No, the IPR is uniform for all SIGs / Contributors and has passed FIRST Legal and FIRST Board of Directors approval. The IPR will not be modified per individual or company request.

Questions? Please contact first-sec@first.org

Uniform IPR Policy (PDF file, 141KB)