FIRST Conference – New standards agreed for internet vendors and national security co-ordinators

WASHINGTON – LONDON – TOKYO – June 27, 2006. English is set to become the international language for computer and Internet vulnerability handling, following talks this week at the FIRST (Forum of Incident Response and Security Teams) annual conference in Baltimore, Maryland, USA.

Members of the FIRST vendors’ special interest group met delegates from national emergency response teams to eliminate past causes of misunderstanding and frustration in their relationship.

Recommendations included:

• English as a common language
• 24/7 emergency coverage by CERT teams
• New protocols on confidentiality, including an understanding that news of vulnerabilities will not be issued before patches or other solutions have been devised and applied
• Both sides agreed to work at all times in good faith, which they accept as "a key linchpin for any successful, co-ordinated, multiple vendor disclosure process."

English as a common language

24/7 emergency coverage by CERT teams

New protocols on confidentiality, including an understanding that news of vulnerabilities will not be issued before patches or other solutions have been devised and applied

Both sides agreed to work at all times in good faith, which they accept as "a key linchpin for any successful, co-ordinated, multiple vendor disclosure process."

English as a common language

24/7 emergency coverage by CERT teams

New protocols on confidentiality, including an understanding that news of vulnerabilities will not be issued before patches or other solutions have been devised and applied

Both sides agreed to work at all times in good faith, which they accept as "a key linchpin for any successful, co-ordinated, multiple vendor disclosure process."

This was the first meeting between the FIRST vendors’ SIG, which represents the world’s 24 top vendors, and national CERTs. Present were delegates from Cisco Systems, Sun, Oracle and IBM on the vendors’ side, and co-ordinators’ representatives from JPCERT/CC (Japan), CERT/CC (USA), NISCC (UK), and FICORA (Finland).

English as a common language

24/7 emergency coverage by CERT teams

New protocols on confidentiality, including an understanding that news of vulnerabilities will not be issued before patches or other solutions have been devised and applied

Both sides agreed to work at all times in good faith, which they accept as "a key linchpin for any successful, co-ordinated, multiple vendor disclosure process."

This was the first meeting between the FIRST vendors’ SIG, which represents the world’s 24 top vendors, and national CERTs. Present were delegates from Cisco Systems, Sun, Oracle and IBM on the vendors’ side, and co-ordinators’ representatives from JPCERT/CC (Japan), CERT/CC (USA), NISCC (UK), and FICORA (Finland).

English as a common language

24/7 emergency coverage by CERT teams

New protocols on confidentiality, including an understanding that news of vulnerabilities will not be issued before patches or other solutions have been devised and applied

Both sides agreed to work at all times in good faith, which they accept as "a key linchpin for any successful, co-ordinated, multiple vendor disclosure process."

This was the first meeting between the FIRST vendors’ SIG, which represents the world’s 24 top vendors, and national CERTs. Present were delegates from Cisco Systems, Sun, Oracle and IBM on the vendors’ side, and co-ordinators’ representatives from JPCERT/CC (Japan), CERT/CC (USA), NISCC (UK), and FICORA (Finland)."We’re looking at a breakthrough here", said Damir Rajnovic of Cisco Systems, the group chair. "Assuming these recommendations get confirmed and published in July, we’re confident that a much more effective, efficient and transparent relationship will be established. One fantastic result of these talks will be a new trust between all parties."

English as a common language

24/7 emergency coverage by CERT teams

New protocols on confidentiality, including an understanding that news of vulnerabilities will not be issued before patches or other solutions have been devised and applied

Both sides agreed to work at all times in good faith, which they accept as "a key linchpin for any successful, co-ordinated, multiple vendor disclosure process."

This was the first meeting between the FIRST vendors’ SIG, which represents the world’s 24 top vendors, and national CERTs. Present were delegates from Cisco Systems, Sun, Oracle and IBM on the vendors’ side, and co-ordinators’ representatives from JPCERT/CC (Japan), CERT/CC (USA), NISCC (UK), and FICORA (Finland)."We’re looking at a breakthrough here", said Damir Rajnovic of Cisco Systems, the group chair. "Assuming these recommendations get confirmed and published in July, we’re confident that a much more effective, efficient and transparent relationship will be established. One fantastic result of these talks will be a new trust between all parties."

English as a common language

24/7 emergency coverage by CERT teams

New protocols on confidentiality, including an understanding that news of vulnerabilities will not be issued before patches or other solutions have been devised and applied

Both sides agreed to work at all times in good faith, which they accept as "a key linchpin for any successful, co-ordinated, multiple vendor disclosure process."

This was the first meeting between the FIRST vendors’ SIG, which represents the world’s 24 top vendors, and national CERTs. Present were delegates from Cisco Systems, Sun, Oracle and IBM on the vendors’ side, and co-ordinators’ representatives from JPCERT/CC (Japan), CERT/CC (USA), NISCC (UK), and FICORA (Finland)."We’re looking at a breakthrough here", said Damir Rajnovic of Cisco Systems, the group chair. "Assuming these recommendations get confirmed and published in July, we’re confident that a much more effective, efficient and transparent relationship will be established. One fantastic result of these talks will be a new trust between all parties."More than 300 delegates from 39 countries – the greatest geographical spread ever – attended FIRST’s conference, which runs until June 30. The worldwide Forum of Incident Response and Security Teams leads the world's fight-back against cyber-crime, sabotage and terrorism, and consists of the Internet emergency response teams from 180 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania.

English as a common language

24/7 emergency coverage by CERT teams

New protocols on confidentiality, including an understanding that news of vulnerabilities will not be issued before patches or other solutions have been devised and applied

Both sides agreed to work at all times in good faith, which they accept as "a key linchpin for any successful, co-ordinated, multiple vendor disclosure process."

This was the first meeting between the FIRST vendors’ SIG, which represents the world’s 24 top vendors, and national CERTs. Present were delegates from Cisco Systems, Sun, Oracle and IBM on the vendors’ side, and co-ordinators’ representatives from JPCERT/CC (Japan), CERT/CC (USA), NISCC (UK), and FICORA (Finland)."We’re looking at a breakthrough here", said Damir Rajnovic of Cisco Systems, the group chair. "Assuming these recommendations get confirmed and published in July, we’re confident that a much more effective, efficient and transparent relationship will be established. One fantastic result of these talks will be a new trust between all parties."More than 300 delegates from 39 countries – the greatest geographical spread ever – attended FIRST’s conference, which runs until June 30. The worldwide Forum of Incident Response and Security Teams leads the world's fight-back against cyber-crime, sabotage and terrorism, and consists of the Internet emergency response teams from 180 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania.

English as a common language

24/7 emergency coverage by CERT teams

New protocols on confidentiality, including an understanding that news of vulnerabilities will not be issued before patches or other solutions have been devised and applied

Both sides agreed to work at all times in good faith, which they accept as "a key linchpin for any successful, co-ordinated, multiple vendor disclosure process."

This was the first meeting between the FIRST vendors’ SIG, which represents the world’s 24 top vendors, and national CERTs. Present were delegates from Cisco Systems, Sun, Oracle and IBM on the vendors’ side, and co-ordinators’ representatives from JPCERT/CC (Japan), CERT/CC (USA), NISCC (UK), and FICORA (Finland)."We’re looking at a breakthrough here", said Damir Rajnovic of Cisco Systems, the group chair. "Assuming these recommendations get confirmed and published in July, we’re confident that a much more effective, efficient and transparent relationship will be established. One fantastic result of these talks will be a new trust between all parties."More than 300 delegates from 39 countries – the greatest geographical spread ever – attended FIRST’s conference, which runs until June 30. The worldwide Forum of Incident Response and Security Teams leads the world's fight-back against cyber-crime, sabotage and terrorism, and consists of the Internet emergency response teams from 180 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania.More about the FIRST Baltimore Conference at
www.first.org/conference/2006

English as a common language

24/7 emergency coverage by CERT teams

New protocols on confidentiality, including an understanding that news of vulnerabilities will not be issued before patches or other solutions have been devised and applied

Both sides agreed to work at all times in good faith, which they accept as "a key linchpin for any successful, co-ordinated, multiple vendor disclosure process."

This was the first meeting between the FIRST vendors’ SIG, which represents the world’s 24 top vendors, and national CERTs. Present were delegates from Cisco Systems, Sun, Oracle and IBM on the vendors’ side, and co-ordinators’ representatives from JPCERT/CC (Japan), CERT/CC (USA), NISCC (UK), and FICORA (Finland)."We’re looking at a breakthrough here", said Damir Rajnovic of Cisco Systems, the group chair. "Assuming these recommendations get confirmed and published in July, we’re confident that a much more effective, efficient and transparent relationship will be established. One fantastic result of these talks will be a new trust between all parties."More than 300 delegates from 39 countries – the greatest geographical spread ever – attended FIRST’s conference, which runs until June 30. The worldwide Forum of Incident Response and Security Teams leads the world's fight-back against cyber-crime, sabotage and terrorism, and consists of the Internet emergency response teams from 180 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania.More about the FIRST Baltimore Conference at
www.first.org/conference/2006

English as a common language

24/7 emergency coverage by CERT teams

New protocols on confidentiality, including an understanding that news of vulnerabilities will not be issued before patches or other solutions have been devised and applied

Both sides agreed to work at all times in good faith, which they accept as "a key linchpin for any successful, co-ordinated, multiple vendor disclosure process."

This was the first meeting between the FIRST vendors’ SIG, which represents the world’s 24 top vendors, and national CERTs. Present were delegates from Cisco Systems, Sun, Oracle and IBM on the vendors’ side, and co-ordinators’ representatives from JPCERT/CC (Japan), CERT/CC (USA), NISCC (UK), and FICORA (Finland)."We’re looking at a breakthrough here", said Damir Rajnovic of Cisco Systems, the group chair. "Assuming these recommendations get confirmed and published in July, we’re confident that a much more effective, efficient and transparent relationship will be established. One fantastic result of these talks will be a new trust between all parties."More than 300 delegates from 39 countries – the greatest geographical spread ever – attended FIRST’s conference, which runs until June 30. The worldwide Forum of Incident Response and Security Teams leads the world's fight-back against cyber-crime, sabotage and terrorism, and consists of the Internet emergency response teams from 180 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania.More about the FIRST Baltimore Conference at
www.first.org/conference/2006More about FIRST at
http://www.first.org&http://www.first.org/about

English as a common language

24/7 emergency coverage by CERT teams

New protocols on confidentiality, including an understanding that news of vulnerabilities will not be issued before patches or other solutions have been devised and applied

Both sides agreed to work at all times in good faith, which they accept as "a key linchpin for any successful, co-ordinated, multiple vendor disclosure process."

This was the first meeting between the FIRST vendors’ SIG, which represents the world’s 24 top vendors, and national CERTs. Present were delegates from Cisco Systems, Sun, Oracle and IBM on the vendors’ side, and co-ordinators’ representatives from JPCERT/CC (Japan), CERT/CC (USA), NISCC (UK), and FICORA (Finland)."We’re looking at a breakthrough here", said Damir Rajnovic of Cisco Systems, the group chair. "Assuming these recommendations get confirmed and published in July, we’re confident that a much more effective, efficient and transparent relationship will be established. One fantastic result of these talks will be a new trust between all parties."More than 300 delegates from 39 countries – the greatest geographical spread ever – attended FIRST’s conference, which runs until June 30. The worldwide Forum of Incident Response and Security Teams leads the world's fight-back against cyber-crime, sabotage and terrorism, and consists of the Internet emergency response teams from 180 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania.More about the FIRST Baltimore Conference at
www.first.org/conference/2006More about FIRST at
http://www.first.org&http://www.first.org/about

English as a common language

24/7 emergency coverage by CERT teams

New protocols on confidentiality, including an understanding that news of vulnerabilities will not be issued before patches or other solutions have been devised and applied

Both sides agreed to work at all times in good faith, which they accept as "a key linchpin for any successful, co-ordinated, multiple vendor disclosure process."

This was the first meeting between the FIRST vendors’ SIG, which represents the world’s 24 top vendors, and national CERTs. Present were delegates from Cisco Systems, Sun, Oracle and IBM on the vendors’ side, and co-ordinators’ representatives from JPCERT/CC (Japan), CERT/CC (USA), NISCC (UK), and FICORA (Finland)."We’re looking at a breakthrough here", said Damir Rajnovic of Cisco Systems, the group chair. "Assuming these recommendations get confirmed and published in July, we’re confident that a much more effective, efficient and transparent relationship will be established. One fantastic result of these talks will be a new trust between all parties."More than 300 delegates from 39 countries – the greatest geographical spread ever – attended FIRST’s conference, which runs until June 30. The worldwide Forum of Incident Response and Security Teams leads the world's fight-back against cyber-crime, sabotage and terrorism, and consists of the Internet emergency response teams from 180 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania.More about the FIRST Baltimore Conference at
www.first.org/conference/2006More about FIRST at
http://www.first.org&http://www.first.org/aboutFIRST hosts a Global Security News Feed at
http://www.first.org/newsroom/globalsecurity

English as a common language

24/7 emergency coverage by CERT teams

New protocols on confidentiality, including an understanding that news of vulnerabilities will not be issued before patches or other solutions have been devised and applied

Both sides agreed to work at all times in good faith, which they accept as "a key linchpin for any successful, co-ordinated, multiple vendor disclosure process."

This was the first meeting between the FIRST vendors’ SIG, which represents the world’s 24 top vendors, and national CERTs. Present were delegates from Cisco Systems, Sun, Oracle and IBM on the vendors’ side, and co-ordinators’ representatives from JPCERT/CC (Japan), CERT/CC (USA), NISCC (UK), and FICORA (Finland)."We’re looking at a breakthrough here", said Damir Rajnovic of Cisco Systems, the group chair. "Assuming these recommendations get confirmed and published in July, we’re confident that a much more effective, efficient and transparent relationship will be established. One fantastic result of these talks will be a new trust between all parties."More than 300 delegates from 39 countries – the greatest geographical spread ever – attended FIRST’s conference, which runs until June 30. The worldwide Forum of Incident Response and Security Teams leads the world's fight-back against cyber-crime, sabotage and terrorism, and consists of the Internet emergency response teams from 180 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania.More about the FIRST Baltimore Conference at
www.first.org/conference/2006More about FIRST at
http://www.first.org&http://www.first.org/aboutFIRST hosts a Global Security News Feed at
http://www.first.org/newsroom/globalsecurity