Building Bridges is fine, but you have to use them
The motto of this year's annual conference was "Fortresses of the Future: Building Bridges not Walls." We continually emphasize that successful incident response depends on CSIRT collaboration. When I attend meetings at the UN, OSCE, and similar organizations, participants consistently insist that CSIRTs work together and exchange information. I certainly remember a time when I could freely exchange information with peers worldwide.
However, our world is becoming increasingly polarized as new political alliances and blocs form. I observe this trend within our community as well. While we celebrate global diversity, we have stopped talking globally. We also seem to be losing vertical communication—looking at our Slack channels, I see some teams withdrawing.
This concerns me deeply. FIRST provides an excellent platform for building bridges, but we must actively use these bridges. Naturally, you wouldn't report an APT to the national CSIRT of the suspected country of origin, but you might send phishing reports there. The Log4j vulnerability exemplifies responsible disclosure—discovered by a Chinese team and reported appropriately to the maintainers.
You may not always receive responses, as incident response has become politicized. One colleague tells me he continues sending complaints and sees issues being resolved, though replies never come. Our Code of Ethics mentions a duty to inform. While this focuses on a team's constituency, I believe we should generalize this principle. We have nothing to lose by attempting collaboration, but everything to lose by abandoning it.
Published on FIRST POST: Apr-Jun 2025
Wed, 16 Jul 2025 00:00:00 +0000