Tips for PSIRTs
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgz6k4cPs7RqEX0n5SebcJMNe1IQs5y4eoJTn85HfMATX_rzmnkxRmG4TeiwzPzYxzOCAQKQg3VsmEdcYiX24lSImvATcPXpi-7Pfj1SMEn_km2Q4xoLX4tP4fahZkq6SQeL0A/s400/cert_logo.gif)
Examples of PSIRTs include:
- Cisco Product Security Incident Response Team
- Microsoft Security Response Center
- Intel Product Security Center
I think you can tell how serious a company takes security by the way they promote their PSIRT, obscure its existence, or not even operate one. Try comparing Oracle to Cisco, for example.
If you're looking to start a PSIRT, Chad Dougherty's Recommendations to vendors for communicating product security information post on the CERT blog is a great start.
Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for the best rates.
Comments