Oct-Dec 2023

Message from the Chair

By Tracy Bills

Wow, it is hard to believe that it has already been over 3 months since the annual conference! I hope everyone has been able to continue leveraging the knowledge gained and the relationships formed or strengthened at the conference to empower your local security communities and beyond.

Click here to read more

CVSS v4.0 is now available

By Chris Gibson

In June 2023, attendees at the 35th Annual FIRST Conference, in Montréal, Canada got a first-look preview of the new version of the Common Vulnerability Scoring System (CVSS), version 4.0. After two month of public comment followed by two months of addressing those comments, FIRST is proud to announce the official publication of CVSS version 4.0. November 1st, 2023 – Critical in the interface between supplier and consumer, CVSS provides a way to capture the principal characteristics of a security vulnerability and produces a numerical score reflecting its technical severity to inform and provide guidance to businesses, service providers, government, and the public.

Click here to read more

The Board in Oslo

By Chris Gibson

The first meeting of the board, post annual conference, has, in the past, been the time when the next year’s plans are reviewed, responsibilities are discussed and the budget and business plans are initiated.
We changed the 2022 and 2023 Conference program so we could hold the AGM earlier in the week - this year we did the AGM at the start of the week. This enabled the new board to meet with its new membership during the conference - allowing us to start much of the preparation work earlier.

Click here to read more

Migrating to the new FIRST SSO

By Dave Schwartzburg

Since 2020 the FIRST infrastructure team has run an identity provider (IdP), referred to as FIRST SSO, to secure and control access to FIRST services. This system is used for members, volunteers, event attendees, guests, the board of directors, and the operations team.
There are currently over thirty services, including: FIRST Portal, Slack, Wiki, MISP, API, eVoting, many administrative tools, as well as the recently added Capture the Flag and Learning platforms that leverage FIRST SSO.

Click here to read more

SIG

By Désirée Sacher-Boldewin

The Special Interest Groups are fairly busy, here is what is going on with some of them right now:

• AI Security SIG meets once per week (intensive cadence) - one or two talks per week. Talks are usually being recorded and automatically transcribed All things are in the wiki.
  They are exploring AI (currently mostly LLMs) for defenders (e.g. which new tools can defenders use), for attackers as well as other misc. aspects of AI
• The Automation SIG is meeting with an interval of once per month. They are progressing in creating a document for publication

Click here to read more

On the Road to Fukuoka / Call for presentation

By Yukako Uchida

FIRSTCON24: Bridging Security Response Gaps
Save the Date!
Get ready to join us for the 2024 FIRST Annual Conference, June 9-14 in Fukuoka, Japan! The information website is available and online registration opening will be in November. For those interested in submitting a presentation, please keep the following dates in mind:

• Call for Speakers Open: October 31, 2023
• Call for Speakers Close: November 30, 2023
• Acceptance Notifications: February 12-29, 2024
  
  For more details see here
  If you have any questions or wish to speak to someone about conference sponsorship opportunities, please contact events@first.org.

Click here to read more

New Teams Members: August, September, October

By Nora Duhig, Klee Aiken, Olivier Caleff

This quarter, 3 new Liaisons and 19 Teams joined as members: from Europe (14), APAC (3), LATAM (3), North America (2).

Click here to read more