Results of the 'De Waarschuwingsdienst' alerting service
Alerts on vulnerabilities, viruses and worms
We've had good feedback on our alerts, both for vulnerabilities and for viruses. The number of subscriptions to our alerts mailing list has currently reached almost 55,000 [July 2005].
Background information and security advice
We started a monthly newsletter that contains an overview of the alerts from the past month, plus background information on what's current. Feedback on the newsletter is also good and the number of subscriptions has currently surpassed 16,000 [July 2005].
Helpdesk functionality
For De Waarschuwingsdienst, it was decided not to incorporate any helpdesk functionality. We have stated this on our website and found it to be sufficient. We currently receive fewer than 5 e-mails from users daily. This is sufficiently low to enable us to deal with each e-mail personally and quickly.
Partnership with a CSIRT
We have found the partnership with GOVCERT.NL to be extremely beneficial. GOVCERT.NL and De Waarschuwingsdienst are the same people. As a result, every bit of information within GOVCERT.NL may be reused for De Waarschuwingsdienst, unless it is confidential or otherwise not for re-use. The partnership allows us to reduce overheads, as only one person will need to keep track of current information, assessing it for use both within GOVCERT.NL and De Waarschuwingsdienst at the same time.
Alerts on viruses
In our experience, it is very difficult to provide alerts on viruses. We use multiple channels based on the severity of a virus. We will not alert on a virus unless it is fairly prevalent, in which case we publish an alert on our website. In case of an outbreak, we also e-mail an alert and send out an SMS. The difficulty for us lies in deciding when to e-mail and when not to. It is very difficult to correlate the various sources of virus information that we currently have. Some of them are contradictory at times, which makes it very hard to decide on the exact moment that a virus outbreak occurs. Worms are somewhat easier in that they spread without user intervention. As a result, once a fully functional worm hits the Internet, it will spread very rapidly.
Alerts in general
With a target audience of home users and small businesses, we have found it extremely hard to use just the right tone and language in our alerts. We have noticed a gradual change in our alerts. If you were to compare a current alert with an alert published a year ago, it would be very obvious that they have become less technical. Nevertheless, writing a good alert that will be understood by our target group remains a very difficult task. In our team, the technical specialist writes the alerts and modifies them based on feedback from the communication advisor. All technical specialists have received a short training course on writing alerts.
Background information and security advice
We implemented our newsletter approximately four months after the start of De Waarschuwingsdienst. We had not anticipated this new service in our terms and conditions. As a result, we could not e-mail the existing members of our alert mailing list to notify them of the existence of the newsletter. Instead, we could only mention the newsletter in the footer of an alert. Looking back, it would have made sense to include a clause in our terms and conditions that would allow the use of the alert mailing list for the purpose of announcing new services, if a user had agreed to that.
The target audience
We did not perform market research before starting. At times, we felt this to be a problem, especially when deciding which vulnerabilities to write about.