FIRST: Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure

Initiative

FIRST: Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure

Portal Team 's picture

Posted By: 

Portal Team

Organisation:

Forum of Incident Response and Security Teams (FIRST)

Partners:

U.S. National Telecommunications and Information Administration (NTIA), Industry Consortium for the Advancement of Security on the Internet (ICASI)

Target countries / regions:

Global

Target group(s):

(National) Incident Response Teams; CSIRT; PSIRT; SIRR

Thematic focus:

Incident Response

Purpose:

Defining a methodology for coordination among the parties affected by a vulnerability, from initial report to releasing information

Aims / objectives:

To meet the need for a more consistent approach to vulnerability disclosure to account for multiple stakeholders

Activities:

A set of guidelines and norms for vulnerability disclosure that affects multiple parties.

Period:

Since 2017

Contact details:

FIRST, via the FIRST secretariat at first-sec@first.org  or Kate Gagnon, Director, Forum of Incident Response and Security Teams (FIRST), kate@first.org

For more information:

https://www.first.org/newsroom/releases/20170706

The GFCE inventory is being continuously updated, and the information it contains is either publicly available, or consent for publication was given by the owner. Please contact the portal manager with any additional information or corrections. Whilst every reasonable effort is made to keep the content of this inventory accurate and up to date, no warranty or representation of any kind, express or implied, is made in relation to the accuracy, completeness or adequacy of the information contained in these pages.