FIRST Releases Training to Help Companies Respond to Product Vulnerabilities

June 21^st, 2018 – The Forum of Incident Response and Security Teams (FIRST) have today announced the release of new training resources to help companies build and mature Product Security Incident Response Teams (PSIRTs). Developed by FIRST’s own PSIRT committee the materials are aimed at inhouse teams responsible for identifying and responding to product vulnerabilities. The purpose of the training is to demonstrate the differences and requirements management and stakeholders should be aware of to fully realize the potential of a PSIRT to their organization. This training supplements the PSIRT Framework, which was developed over the course of the last few months by security practitioners across FIRST’s global members.

“Through the PSIRT Framework and training material, some of the industry’s leading security experts are sharing all their expertise for managing security crises,” stated Thomas Schreck, Chair of FIRST. “The accompanying video training will introduce all interested parties to the core services areas within the PSIRT Service Framework.”

The training materials help companies build and implement strategies to mitigate and respond to vulnerabilities in the products and hardware that propel much of the information infrastructure. “Recent events have shown the importance of having the ability to quickly respond to product vulnerabilities,” stated Serge Droz, Board member and Education Liaison. “This new framework is designed to assist both those looking to start a PSIRT program as well as those looking to mature their existing capabilities."

If an organization engineers and develops products or services for customers that are internet connected, the PSIRT Committee suggests using the Framework as a means to support incident responders. The Framework can also be used to convey to others, in a common language, the importance of working on product security issues. Version 1.0 of the PSIRT Framework, released at the same time, is available on the FIRST website:

https://www.first.org/education/FIRST_PSIRT_Service_Framework_v1.0 (PDF.

The training materials are available to the public for educational use on https://learning.first.org. FIRST will also provide training to PSIRT teams as part of its current Education and Training Program.

About the PSIRT Training Course

This video-based course introduces practitioners to the core Service Areas of the PSIRT Services Framework.

The course covers the key concepts of developing and maintaining a mature PSIRT.
Topics include:

• What a PSIRT is and the various organizational structures to them;
• The foundations of a solid PSIRT;
• How to define and manage stakeholders;
• Vulnerability discovery, reporting, and intake;
• Vulnerability qualification and reproduction;
• Patch management, remediation, and incident handling;
• Stakeholder notification, coordination, and disclosure;
• Training within your organization to ensure efficient product security processes.

FIRST thanks and recognizes the following organizations for participating in the production of the training videos DELL, EMC, Hikvision, Honeywell International, Lenovo, Microsoft, NVIDIA, Oracle, CERT/CC, and Red Hat.

---

About FIRST

Founded in 1990, the Forum of Incident Response and Security Teams (FIRST) consists of internet emergency response teams from more than 360 corporations, government bodies, universities and other institutions across 78 countries in the Americas, Asia, Europe, Africa, and Oceania. It promotes cooperation among computer security incident response teams. For more information, visit: https://www.first.org.

Media Contacts

Mandy Queen
Cred Communications Ltd
Tel: +852 9684 7365 | +852 2110 3519
Email: mandy@credcommunications.com