You’ve received vulnerability reports in your application or product. Now what? There is an abundance of incident response guidance for network security, and a number of companies have published their product security incident response team (PSIRT) process. Yet there is a dearth of detailed resources on how to implement PSIRT processes for organizations that have reached Stage 7 of the SDL process (response).
To build and maintain secure products, organizations need to enable their incident response teams to receive and respond to vulnerability reports and effectively partner with development, customer support, and communications teams. Kymberlee Price shares best practices and actionable recommendations for supporting these teams’ product incident response programs and offers several free templates you can put to use right away.
Kymberlee Price is the senior director of researcher operations at Bugcrowd, where she draws on her 14+ years of experience specializing in application security incident response and investigations to direct the efforts of over 35,000 crowd members in web app, mobile app, and IoT penetration testing. Previously, Kymberlee pioneered the first security researcher outreach program in the software industry, served as a principal investigator in the Zotob criminal investigation, analyzed APTs at Microsoft, and spent four years on BlackBerry’s Security Response Team investigating product vulnerabilities, specializing in third-party library security. Kymberlee cochairs the Department of Commerce NTIA Working Group on Multi-Party Vulnerability Disclosure and speaks regularly on vulnerability management and product incident response at Black Hat USA, RSA, Kaspersky Security Analyst Summit, and other events.
©2016, O'Reilly Media, Inc.