Also available as PDF(182KB)
The FIRST IPR Policy is to ensure uniformity amongst members and contributors in all SIG Efforts. The IPR is to ensure that all submissions are not patented, that all work product or similar information for use within the SIG is freely provided to FIRST and is not owned by any entity or individual. It is the intent of FIRST to provide global use freely. All contributions to FIRST SIG efforts are made without reservation by the individual and/or their organization.
This is the Policy for all SIGs developing materials for publishing or creating a work product. It is an organizational IPR, meaning that the participant's organization reviews and agrees to the IPR. Thus, each organization must have an appropriate level review in their organization, and the IPR is signed by an authorized person in the organization (usually involves their internal legal review). The organization must sign the IPR for each SIG it participates in. The format is standard, so a legal team would only have to review once, but each individual IPR must list the name of the SIG the organization's employees will participate in. Each individual contributor to a SIG must be aware of the IPR and its contents regarding the contributution of ideas and materials. IPRs are signed prior to an individual contributing (but they may listen to/audit the meetings until it is signed).
FIRST allows for open SIGs, meaning anyone can apply and join the SIG – including members and non-members of FIRST. The SIG Co-Chairs maintain a list of contributors and those auditing the meeting. All SIGs operate under the guidance of the SIG Board Liaison. All SIGs are Chartered annually by the FIRST Board of Directors. The IPR is currently in use for the CVSS SIG, the Vulnerability Coordination SIG, and the Information Exchange Policy SIG.
No, the IPR is uniform for all SIGs / Contributors and has passed FIRST Legal and FIRST Board of Directors approval. The IPR will not be modified per individual or company request.
Questions? Please contact firstname.lastname@example.org