The PSIRT SIG is an assembly of active industry practitioners driving the evolution of PSIRT practices by developing and maturing product response and by collaborating to bridge the knowledge gap between the vulnerability and response aspects of product security, for teams ranging from newly formed to well-established. The SIG will educate and inform PSIRTs on known good practices, continue the development of the PSIRT Services Framework, curate and develop supporting training materials, and empower PSIRTs to rapidly address the evolving threat landscape.
Goals & Deliverables
The PSIRT SIG will support the evolution of PSIRTs through the following deliverables:
- Foster collaboration between PSIRTs across different organizational and industry verticals.
- Develop and share a common body of knowledge (CBK) on PSIRT best practices.
- Produce PSIRT-focused collateral to assist in educating corporate leadership.
- Curate a list of all PSIRT-focused conferences and colloquia.
- Publish a PSIRT capability maturity assessment.
- Provide online education and training materials to PSIRTs of various maturity levels.
- Publish presentations on PSIRT Education topics on the FIRST website under a Creative Commons license.
  - The presentations will be organized by topic (Intro, Process, Consuming (i.e. OSS, vendor code), Response, Scoring, Tooling, Support).
  - The presentations will reach a wide audience (Baseline, Company, PSIRT Ops, PSIRT Leadership/Management, QA, Security Officers, Security Engineers).
  - The content will be compiled by PSIRT SIG members and the greater FIRST community and will align to the PSIRT Framework and terminology.
  - The presentations are grouped by priority level (high 1 – 5 low) and will be released in batches according to priority level.
- Peter Allor, Red Hat
- Josh Dembling, Intel