The aim is to bring together product security teams and enable them exchange their experiences and best practices. This includes teams that are either handling technical or coordination aspects of the product security. The field of product security is unique in the sense that it is not relate only to a specific technical challenges (e.g., testing, programing, but also includes aspects of project management, legal and managerial issues.
Since the Vendor SIG is currently running as a Discussion Group, the main activity of the Vendor SIG is to organize meetings of Product Security Teams. Regular virtual meetings are planned to take place at least once per quarter. Attendance to the one and only face-to-face meeting per year is strongly encouraged. The SIG meets in person at the annual FIRST conference.
These meetings are open to all vendor teams irrespective if they are members of Vendor SIG or FIRST or not. Relevant guests are also welcomed. However, the chair/moderators can use their discretion and refuse participation if necessary. Note that meeting minutes are available on the FIRST wiki to all members on the SIG's mailing list.
For all inquiries send an email to firstname.lastname@example.org.
Note that sending emails to the mailing list is restricted to those on the mailing list.
In order to join the SIG applicants must be recognized and approved by the chair. Membership in FIRST is not a requirement to become a member of the Vendor SIG.
For a complete list of participating vendors security and how to reach them see here.