FIRST Conference – New standards agreed for internet vendors and national security co-ordinators

English is set to become the international language for computer and Internet vulnerability handling, following talks this week at the FIRSTannual conference in Baltimore, USA.

WASHINGTON – LONDON – TOKYO – June 27, 2006. English is set to become the international language for computer and Internet vulnerability handling, following talks this week at the FIRST (Forum of Incident Response and Security Teams) annual conference in Baltimore, Maryland, USA. Members of the FIRST vendors’ special interest group met delegates from national emergency response teams to eliminate past causes of misunderstanding and frustration in their relationship. Recommendations included: English as a common language24/7 emergency coverage by CERT teamsNew protocols on confidentiality, including an understanding that news of vulnerabilities will not be issued before patches or other solutions have been devised and appliedBoth sides agreed to work at all times in good faith, which they accept as "a key linchpin for any successful, co-ordinated, multiple vendor disclosure process." This was the first meeting between the FIRST vendors’ SIG, which represents the world’s 24 top vendors, and national CERTs. Present were delegates from Cisco Systems, Sun, Oracle and IBM on the vendors’ side, and co-ordinators’ representatives from JPCERT/CC (Japan), CERT/CC (USA), NISCC (UK), and FICORA (Finland). "We’re looking at a breakthrough here", said Damir Rajnovic of Cisco Systems, the group chair. "Assuming these recommendations get confirmed and published in July, we’re confident that a much more effective, efficient and transparent relationship will be established. One fantastic result of these talks will be a new trust between all parties." More than 300 delegates from 39 countries – the greatest geographical spread ever – attended FIRST’s conference, which runs until June 30. The worldwide Forum of Incident Response and Security Teams leads the world's fight-back against cyber-crime, sabotage and terrorism, and consists of the Internet emergency response teams from 180 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania. More about the FIRST Baltimore Conference at www.first.org/conference/2006 More about FIRST at http://www.first.org&http://www.first.org/about FIRST hosts a Global Security News Feed at http://www.first.org/newsroom/globalsecurity

Tue, 27 Jun 2006 16:36:00 +0000

FIRST Conference – New standards agreed for internet vendors and national security co-ordinators

English is set to become the international language for computer and Internet vulnerability handling, following talks this week at the FIRSTannual conference in Baltimore, USA.

WASHINGTON – LONDON – TOKYO – June 27, 2006. English is set to become the international language for computer and Internet vulnerability handling, following talks this week at the FIRST (Forum of Incident Response and Security Teams) annual conference in Baltimore, Maryland, USA.

Members of the FIRST vendors’ special interest group met delegates from national emergency response teams to eliminate past causes of misunderstanding and frustration in their relationship.

Recommendations included:

  • English as a common language
  • 24/7 emergency coverage by CERT teams
  • New protocols on confidentiality, including an understanding that news of vulnerabilities will not be issued before patches or other solutions have been devised and applied
  • Both sides agreed to work at all times in good faith, which they accept as "a key linchpin for any successful, co-ordinated, multiple vendor disclosure process."