Maturity Level 2 (Intermediate) - I am reactive, but I’ve trained for it!

by Lisa Bradley, Nvidia
Wednesday, January 23rd, 2019

Are you mature, are you immature - what are you? Maturity Level 2 is about adapting the ad-hoc PSIRT strategies into full blown policies and processes. It is about starting to turn the corner from reactive to proactive. Maturity Level 2 in the PSIRT Services Framework describes services and functions that a PSIRT can offer and improve upon to achieve a higher level of maturity.

You are now moving beyond the basics of having an email alias and doing vulnerability disclosure. You now will define exception processes, time to remediation, necessary education, integration into the Software Development Lifecycle (SDLC) and joining external organizations such as FIRST. At this stage you will likely keep altering things and improving them as you learn more. This maturity level is where the fun begins as you unleash your creativity and the panic of the “oh, no I need to create a PSIRT” subsides. Good luck on this fun adventure to becoming a mature PSIRT.

Written by Lisa Bradley, Nvidia