11th FIRST Conference on Computer Security Incident Handling and Response

The Conference is sponsored by FIRST.ORG, Inc.

Date:
13-18 June 1999
Location:
Brisbane, Australia

Birds of a Feather Sessions

As with preceding FIRST Conferences, Birds-of-a-Feather (BOF) sessions will be held at the 1999 FIRST Conference in Brisbane, Australia. BOF sessions are informal gatherings of people who are interested in talking over issues on the same topic.

Please find appended a listing of the currently confirmed BOF sessions for Brisbane. The allocated time for BOF discussions is 19:00-21:00 Tuesday, June 15, 1999. There are eight available BoF sessions - four BoF Streams running concurrently for each of the two one hour sessions.

A BOF timetable will also be displayed at the conference (this will include the rooms where the BOFs are being held). Please check the conference BOF timetable for the latest details when you arrive.

The listing below consists of two parts. The first part is a simple table outlining the title, coordinator and starting time of each BoF. Below the table is a more detailed description of each BoF.

If you have any specific issues you'd like to raise during a BOF you'll be attending you may wish to contact that BOF's session leader and let them know. This will give them an idea of what people are interested in.

If you have any specific comments, questions or requests with regard to the BoF scheduling, please contact the BoF Coordinator, Rob McMillan <auscert@auscert.org.au>


BoF PROGRAM
Starting Time
(Stream Number)
Title/Coordinator
19:00 (1) FIRST's role in the International Infrastructure Issues for Global Incident Response
Moira West-Brown <mjw@cert.org>,
Klaus-Peter Kossakowski <kpk@work.de>
Please note: The read-ahead document is available from http://www.first.org/conference/1999/ACDA-WP-GSIR.pdf.
19:00 (2) Voice over IP - Security Issues and Concerns
Guy Hadsall <ghadsal@acm.org>
19:00 (3) Robert's Rules of Order
Jeff Carpenter <jjc@cert.org>
19:00 (4) Vacant
20:00 (1) Norms for Disclosure Scheduling and Credit in Advisories
John Bashinski <jbash@cisco.com>
20:00 (2) FIRST Pre-conference follow-up meeting
Wietse Venema <wietse@porcupine.org>
20:00 (3) Vacant
20:00 (4) Vacant


Stream 1: 19:00
Title: FIRST's role in the International Infrastructure Issues for Global Incident Response

We are working on a project involving the SEI and the US State Department. The project stems from the US State Department's interest in encouraging cooperation with other governments on protecting critical infrastructure assets.

The work we are undertaking involves the development of a white paper discussing the International Infrastructure Issues for Global Incident Response. In it's current form the paper outlines a vision consisting of the following four interdependent key elements:

  1. An infrastructure to enable and coordinate global incident response efforts
  2. A forum to facilitate the discussion and development of international standards, policies and agreements that support global security incident response
  3. A capability to participate in the improvement of technology through the collection, analysis and dissemination of practical experiences, data and lessons learned in the global incident response community
  4. A professional organization to enhance the recognition and education of incident response and security personnel and teams

This vision cannot be achieved without international participation, commitment and cooperation among governments, law enforcement, commercial organizations, researchers, and practitioners such as FIRST members who have experience in responding to current incidents.

The US State Department is interested in getting feedbackfrom the FIRST membership on the white paper and ideas expressed within it.

From FIRST's perspective, this is a opportunity to build on the work of previous task forces and consider what role FIRST can play in this vision. The first draft of the white paper will be distributed at or prior to theFIRST conference in Brisbane and we are planning to hold a BoF at the conference to obtain verbal feedback.

Please note: The read-ahead document is available from http://www.first.org/conference/1999/ACDA-WP-GSIR.pdf.


Stream 2: 19:00
Voice over IP - Security Issues and Concerns

Many organizations, including Telcordia Technologies (formerly Bellcore/Bell Communications Research) have been assisting several domestic (USA) and international tradition telecommunication organizations in recent years in responding to the telephony convergence. These large carriers have a structured topology, a structured methodology, and a very predictable operation. On the contrary smaller unrestricted organizations have emerged throughout the world in the past decade providing niche data services to local markets.

Now these nontraditional carriers are merging domestically and globally. UUnet, ANS, BBN, and CompuServe are now one, under a not so traditional carrier MCIWorldcom. Digex is now under Intermedia. MCI and BT form Concert. DialUp Points of Presence (POP) are growing like mushrooms all over the world; Africa, Asia, South Pacific, Carribean, South America, and hundreds more each day. The explosion of dedicated circuits to not just academic and research institutions is bring millions of new hosts onto the Internet monthly.

And what will the future be for the EU carriers? Asia? What was non-traditional is now the norm. We cannot expect traditional actions or reactions to tomarrows incidents and threats.

This BOF will openly discuss how we as incident handlers will respond to these new carriers. We will explore whats happening in the industry and discuss options for handling incident response with these ever changing organizations.

The goal of this BOF will be provide the participants with the tools and information to collect and maintain data concerning the global telephony carriers in order to assist in the incident response process.


Stream 3: 19:00
Robert's Rules of Order

This will be a Q&A session where people can ask Jeff Carpenter, the parliamentarian for the FIRST AGM, any questions about Robert's Rules of order or parliamentary procedure that they wish. Topics that can be covered are the reasons why certain things are done they way are, explanations on how to accomplish specific things in a meeting, or, if nothing else, perhaps try to stump the parliamentarian with complex questions.


Stream 4: 19:00
This BoF session is still available for booking.


Stream 1: 20:00
Norms for Disclosure Scheduling and Credit in Advisories

Many FIRST teams issue advisory notices about security vulnerabilities. The preparation for issue of such notice typically involves a number of parties, possibly including one or more discoverers of a vulnerability, one or more vendors of vulnerable products, and one or more coordinating entities.

A set of informal norms have arisen for this process. However, these norms don't seem to be written down anywhere, and are being tested both by cultural changes within the security community, and by structural changes, such as the increasing number of teams and the advent of the "security company" as a real force.

There is significant disagreement about how such advisories should be timed, and about what responses should be expected from the various parties. Public announcements by outside parties threaten the relevance of advisories issued under the traditional "wait for the vendor" regime. Simultaneous issuance of advisories by multiple organizations is becoming more frequent. Furthermore, the issue of credit for discovering security vulnerabilities has begun to become important.

This session will be centered around issues of advisory timing and credit in advisories, but may extend to discussion of other norms of the advisory process, and of other processes for disclosure of security bugs. The goal is to start a discussion which may eventually result in better-defined, better-accepted, and more appropriate norms.


Stream 2: 20:00
FIRST Pre-conference follow-up meeting

The FIRST Steering Committee will be conducting a pre-conference meeting on Sunday 13 June 1999. Attendance and participation at the pre-conference meeting is limited to FIRST team members and their invited guests, subject to approval by the Steering Committee. This BoF session has been scheduled to permit further discussion of topics that are not resolved during the Sunday meeting.

This session may also be used or extended as necessary to prepare and discuss motions to be put during the FIRST AGM at 16:30 on Thursday 17 June.


Stream 3: 20:00
This BoF session is still available for booking.


Stream 4: 20:00
This BoF session is still available for booking.


Last modified: Mon Jun 7 10:06:08 EST 1999

Copyright © 1999 by FIRST.ORG, Inc. / Contact: FIRST Secretariat <first-sec@first.org>