Thursday, December 31, 2009

Every Software Vendor Must Read and Heed

Matt Olney and I spoke about the role of a Product Security Incident Response Team (PSIRT) at my SANS Incident Detection Summit this month. I asked if he would share his thoughts on how software vendors should handle vulnerability discovery in their software products. I am really pleased to report that Matt wrote a thorough, public blog post titled Matt's Guide to Vendor Response. Every software vendor must read and heed this post. "Software vendor" includes any company that sells a product that runs software, whether it is a PC, a mobile device, or a hardware platform executing firmware. Hmm, that includes just about everyone these days, except the little old ladies selling things at the toy store. Seriously, let's make 2010 the year of the PSIRT -- the year companies make dealing with vulnerabilities in their software an operational priority. I'm not talking about "building security in" -- that's been going on for a while. Until I can visit a variation of company.com/psirt, I'm not satisfied. For that matter, I'd like to see company.com/cirt as well, so outsiders can contact a company that might be unknowingly causing pain for Internet users. (And yes, if you're wondering, we're working on both at my company!)

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
