Special Interest Group Updates

The new Time Security SIG was approved and started operating. It exists to help the global FIRST community prepare for the 2036–2038 epoch rollovers. By coordinating research, testing, and outreach on time integrity, the SIG connects CSIRTs, vendors, and standards bodies to strengthen resilience across critical infrastructure. It´s goal is to ensure the world’s clocks keep running — securely — long past 2038. If you are interested in more information or want to join, head over to https://www.first.org/global/sigs/time/.

The DNS Abuse SIG has completed the first set of Advice to Stakeholders, based on the DNS Abuse Matrix, covering Detection of the various types of DNS Abuse included. They are currently working on the next round of updates, as well as a TODO list that has been added to over time as a result of the various discussions held, as well as from feedback given. The current set of documents has been published under the SIG homepage and can be found here. Also, they are sad to say that Jonathan Spring has stepped down as one of the chairs of the SIG. He’ll remain a member, but his help will definitely be missed.

The CVSS SIG announces the publication of a new supplementary document, the CVSS Consumer Implementation Guide. This document aims to help users of CVSS implement the standard to its fullest by tailoring scores to unique deployment environments. It offers explicit advice on how to enrich vulnerability assessments using CVSS v4 and why it makes those assessments more accurate. The guide is available now at the following link.

The Women of FIRST SIG has published their annual newsletter, it can be found here.

Published on FIRST POST: Oct-Dec 2025.