The goal of this SIG is to provide forum for Internet Infrastructure Vendors. In this context Internet infrastructure is considered to be Operating Systems, computer hardware, networking equipment and critical applications. This list is by no means exhaustive nor comprehensive.
The aim is to bring together product security teams and enable them exchange their experiences and best practices. This includes teams that are either handling technical or coordination aspects of the product security. The field of product security is unique in the sense that it is not relate only to a specific technical challenges (e.g., testing, programing, but also includes aspects of project management, legal and managerial issues.
Since the Vendor SIG is currently running as a Discussion Group, the main activity of the Vendor SIG is to organize meetings of Product Security Teams. Regular virtual meetings are planned to take place at least once per quarter. Attendance to the one and only face-to-face meeting per year is strongly encouraged. The SIG meets in person at the annual FIRST conference.
These meetings are open to all vendor teams irrespective if they are members of Vendor SIG or FIRST or not. Relevant guests are also welcomed. However, the chair/moderators can use their discretion and refuse participation if necessary. Note that meeting minutes are available on the FIRST wiki to all members on the SIG's mailing list.
For all inquiries send an email to firstname.lastname@example.org.
Note that sending emails to the mailing list is restricted to those on the mailing list.
In order to join the SIG the applicant must be recognized by, at least, two existing members. Membership in FIRST is not a requirement to become a member of Vendor SIG.
For complete list of participating vendors and how to reach them see here.
This SIG is currently running as a Discussion Group and is not striving to provide any deliverable in written form, such as a standard or best practices document.
For previously created documents see here.