SIG

• The EPSS SIG started a list to keep track of products leveraging EPSS. For anybody interested can check this out here.
• The CVSS SIG is still making progress on the v4.0 schedule, has finished reviewing all questions and comments received and is targeting an official publication date of October 31, 2023. In addition, Nick Leali (Cisco) and Dave Dugal (Juniper) presented "CVSS v4.0: Where the Rubber Meets the Road" at the PSIRT TC on Thursday, September 21st, 2023. The presentation was well received with a few questions about why certain vulnerabilities had higher or lower scores than others
  • Nick focused on provider (vendor) scoring case studies, while Dave focused on the use and consumption of Supplemental Metrics, which again was well received, given their novel nature: metrics with no impact to the final CVSS-BTE score.
  • PPTx available on the PSIRT TC page
• The DNS abuse SIG has produced a minor update (version 1.1) to their English document and also (with shout out to JPCERT/CC) published a Japanese language translation. They are working on producing additional details for detection and prevention of abuse techniques and information about publication will be covered here in this Newsletter as well as other channels, as soon as they can be communicated
• The TLP-SIG has finalised a set of posters (same content, 3 different colour schemes) and their first use case document will be published shorty
• The CTI SIG is preparing to release the update for CTI Curriculum version 3, currently under word-smithing process. As soon as it is published you will learn it here in the Newsletter, as well as our other channels
• The PSIRT SIG held their TC last week (virtual) and had 110 attendees for the daylong event. In total 63 PSIRTs were represented

Published on FIRST POST: Oct-Dec 2023