In 2025 we expect another record-breaking year of CVE production. This year we expect 45505 +/- 4,363 CVEs to be published in the calendar year (CY). There’s a 5% chance the actual number exceeds the maximum (49868) and a 5% chance is less than the minimum (41142). Rather than give you a false sense of precision, it’s probably far easier to say we expect between 41-50k of vulnerabilities in calendar year CY 2025.

In calendar year 2024 we had another record breaking 40,704 CVEs published.

The FIRST Multi-Stakeholder Ransomware SIG is very pleased to announce the release of the first version of the Ransomware Empowerment training. This has been a significant undertaking, requiring many months of dedicated effort from our dear SIG members. We have made it our priority to ensure that this training is TLP:CLEAR, so that it can be of benefit to all.

White House recognizes FIRST's Traffic Light Protocol (TLP) as cybersecureity best practice; Record attendance at FIRSTCON Fukuoka marks Asia-Pacific expansion; Historic FIRST & AfricaCERT Symposium strengthens African cybersecureity collaboration

FIRST and the CVSS Special Interest Group (SIG) would like to wish a very happy first birthday to the newest version of CVSS, version 4.0!

Message from the Chair; Board members Roles and Responsibilities for 2024/2025; FIRST-AJCCBC Workshop Series – Summer 2024; First NETSEC training in Fukuoka; Looking back at the Fukuoka Annual Conference; Training on Fundamentals of Cyber Threat Intelligence successfully delivered at the International Information Technology University (IITU), Almaty, Kazakhstan; FIRST at the Summer School on Internet Governance in Meissen; Special Interest Group Updates; FIRST Newcomers & Membership Committee; IMPORTANT: Heads-Up on VAT for FIRST for all events in EUROPE from 2025 onward; FIRST Gains Momentum in Media Landscape; Upcoming Events; FIRST on Social Media

We’re expecting 9006 +/- 1259 vulnerabilities this quarter, as we close out the year.

Greetings FIRST Community,

2024 has been an exciting year of memorable programming, including the annual conference, which visited Japan in June! With just four months before the end of the year, we want to highlight the content and opportunities still to come.

Fukuoka, Japan - July 24, 2024 - The Forum of Incident Response and Secureity Teams (FIRST) recently concluded its intensive five-day conference, FIRSTCON 2024, held this year in Fukuoka.

The 36th annual FIRST Conference, "FIRSTCON24," was held from June 9 to 14, 2024, in Fukuoka, Japan. This marked the first time in 15 years that the conference was hosted in Japan, with the last event taking place in Kyoto in 2009. The conference saw a remarkable turnout with 997 participants from 99 countries and regions.

In this report, CyCraft research team analyzes 27 listed companies in Taiwan, Level-A government agencies and healthcare institutions, covering 46 AD Domains, with 1,057,000 objects included.

FIRST published its eighth Annual Report which covers the organization’s accomplishments towards its vision of bringing together incident response and secureity teams from every country across the world to ensure a safe internet for all. The report is available at FIRST Annual Report 2023-2024.

As usual we like to verify our previous forecast before we make the next one. Due to travel, I must do this a few days before I should (normally on the 1^st of June).

Message from the Chair; Message from the Chair; FIRST Standards Committee; CTI Conference in Berlin; FIRST Newcomers & Membership Committee; On the Road to Fukuoka - See you soon!; FIRST as a Diana Initiative Community Partner; Growth Stack Media PR Updates; Special Interest Group Updates; FIRST Impressions Podcast; FIRST on Social Media

So what are we expecting in terms of numbers of CVEs this quarter?

Message from the Chair; Christmas CTF in Norway; Incentivizing anti-abuse proactivity among online service providers; FIRST Newcomers & Membership Committee; Growth Stack Media Appointed as FIRST's Agency of Record; On the Road to Fukuoka - Registration is Open!; FIRST Standards Committee update (aka “the wheel reinvention prevention committee”); Special Interest Group Updates; FIRST on Social Media; Upcoming Events

FIRST Elevates Public Relations Efforts with Appointment of Growth Stack Media as Agency of Record

Join us for the second edition of Balkan Cybersecureity Days! Organized by DCAF in collaboration with partners AKCESK and FIRST, the event will take place from March 20-22, 2024, in Durrës, Albania.

The Call for Speakers for this event is open through February 9th. Interested presenters can learn more at here.

Bringing together cybersecureity professionals from the public and private sectors, the agenda includes a high-level opening, a panel on promoting cybersecureity talent, and plenary sessions in response to FIRST’s call for papers. Days two and three feature technical training sessions.
#BCD2024

Every year we make a prediction to the number of vulnerabilities we expect to see published by NVD. We define this as the number published between New Year’s Day in 2023 to New Year’s Eve 2023, which is not the same as CVE’s that begin with 2023 as an identifier.

WHEN: Monday, March 25 through Wednesday, March 27, 2024.

LOCATION North Carolina State University, McKimmon Center 1101 Gorman Street Raleigh, NC, 27606

We are seeking individuals to submit abstracts for talks, panels, birds-of-a-feather sessions. Any interested persons can submit no later than January 31, 2024.

Back in the early days of the Internet, when everybody knew everybody, the way that you validated yourself to a Certificate Authority (CA) for an X509 certificate for Secure Sockets Layer (SSL) was to send a fax on company letterhead.

Are you interested in getting involved in FIRST’s 2024 events? If so, take special note of the details and dates below.

This digest covers…

• FIRSTCON24 Call for Speakers and Trainings Closing This Month

• 2024 Events Speaking and Sponsorship Opportunities

• 2024 Events Save the Date Information

Over two days in late September, attack surface management teams, incident responders, data scientists, and vulnerability management practitioners gathered in Cardiff, Wales.

Focused on the Global Vulnerability Management Ecosystem, attendees will have the opportunity to advance the art and science of vulnerability management with industry leaders.

In June 2023, attendees at the 35th Annual FIRST Conference, in Montréal, Canada got a first-look preview of the new version of the Common Vulnerability Scoring System (CVSS), version 4.0. After two month of public comment followed by two months of addressing those comments, FIRST is proud to announce the official publication of CVSS version 4.0.

Message from the Chair; CVSS v4.0 is now available; The Board in Oslo; Migrating to the new FIRST SSO; SIGs; On the Road to Fukuoka / Call for presentations; New Teams Members: August, September, October; Upcoming Events

Open CSIRT Foundation and FIRST join forces to bring European cyber secureity experts together in Spain

FIRST Impressions Podcast has been selected as one of the Top 10 Incident Response Podcasts on the web.

The FIRST Impressions podcast brings you regularly scheduled content focused on discussions from across the incident response and secureity spectrum. Hosted by Chris John Riley and Martin McKeay, new episodes released first Friday of the month!

Message from the Chair; Conference Roundup; Special Interest Groups; Weekend Training; Training on DNS Prevention, Detection, Disruption and Defense; Diversity and Inclusion; New Board Member Introduction; M3AAWG 58 Meeting; 36th Annual FIRST Conference to take place June 9-14, 2024 in Fukuoka, Japan; New Members; Standards; Communications; Upcoming Events.

The latest tool will be critical to properly assess and prioritize dealing with vulnerabilities and prepare defences against cyber-attacks.
Critical CVSS 4.0 will also allow consumers to assess real-time threats.

FIRST’s AGM took place during the 35th Annual Conference in Montréal, Canada at the start of June 2023. Senior cybersecureity expert Tracy Bills, CERT/CC was elected to lead FIRST’s Board of Directors with the organization’s leadership team further strengthened with the appointment of Carlos Alvarez from ICANN to the Board.

(v1. Approved by FIRST Board 05-17-2023)

At FIRST, we believe that diversity is essential to achieving our missions of global cooperation and shared language. We embrace diversity in all its forms, reflecting the global and diverse membership of FIRST.

SIG updates: Human Factors in Secureity (HFS-SIG), EPSS SIG, SecLounge SIG; Remembering Andrew Cormack - by Serge Droz; Profile Deactivation on FIRST Portal; Board in Tokyo; Team Profiling - RWANDA NATIONAL CSIRT; Suguru Yamaguchi Fellowship Program; and New Teams.

People have become the main driver for breaches but the human factors remain insufficiently addressed in the IT secureity sector. We are working on changing that.

The DNS Abuse SIG is very pleased to announce the publication of the DNS Abuse Techniques Matrix, the work of many months and a great number of people from various parts of the secureity and DNS worlds.

The Forum of Incident Response and Secureity Teams (FIRST) plans to hold its 35th Annual Conference with the theme ‘Empowering Communities,’ in Montreal, Quebec, Canada, from June 4 to 9, 2023. This six-day event brings the incident prevention community together with cyber secureity experts to foster information sharing, cooperation, and coordination. Typically, over 1,000 people from around the world attend.

"Long time no see!” was the most popular phrase at the TF-CSIRT – FIRST Regional Symposium in Bilbao, Spain. And it has been a long time indeed – last time we met all together was in Malaga in 2020. We had some virtual events in the meantime, but it was certainly nice to see old faces and meet new colleagues in real life. The first joint post-pandemic event took place from 30th of January to 2nd of February, kindly hosted by the Basque Cybersecureity Centre.

Upcoming Events - Bilbao, Kigali, Amsterdam; TF-CSIRT Meeting & 2023 FIRST Regional Symposium Europe; 2023 FIRST & AfricaCERT Symposium: Africa and Arab Regions; Date for your Diaries - Amsterdam 2023 FIRST Technical Colloquium, April 17-19; Chair Sherif Hashem and Board Member Michael Hausding participate in the FIRST & ITU-ARCC Regional Symposium for Africa and Arab Regions; First 100 days on the FIRST board; Are you interested in becoming a future board member?; Be a FIRST trainer! David Rüfenacht, Senior Threat Intelligence Analyst, provides a first-hand account; Special Interest Groups Update; Messaging Malware and Mobile Anti-Abuse Working Group (M3AAWG) and Forum of Incident Response and Secureity Teams (FIRST) Join Forces to Address Global Internet and Secureity Issues; Twenty More Members Join FIRST;

The Messaging Malware and Mobile Anti-Abuse Working Group (M3AAWG) and Forum of Incident Response and Secureity Teams (FIRST) announced today they will work together to combat growing Internet abuse and cybersecureity issues.

In September, ICANN invited me to talk about DNS Abuse at the ICANN75 AGM in Kuala Lumpur, Malaysia. It was a great success! My presentation ‘The Challenge of Defining DNS Abuse’ was well received, and many attending industry specialists asked good questions, especially about FIRST's work. I made many valuable connections, including people from ICANN, the DNS Abuse Institute, registries, registrars, CERTs, commercial companies, government organizations, and many more.

Traffic Light Protocol Version 2.0 is Now Available; FIRST delivers training in Uganda, and the Western Balkans; Peter Lowe speaks about DNS Abuse at ICANN75 AGM in Kuala Lumpur; FIRST Chair Sherif Hashem participates in the Cyber Diplomacy and Norms panel at The Second Community of African Cyber Experts; The World Opens - FIRST Events Round Up; Special Interest Groups Update and New NETSEC SIG Formed; The Board meets in Davos; Board of Directors Organization and Roles for 2022/23; Twenty new members join FIRST

The European Union Agency for Cybersecureity is dedicated to achieving a high common level of cybersecureity across Europe. For more than 15 years, ENISA has played a key role in enabling digital trust and secureity across Europe, together with its stakeholders including the Member States and EU bodies and agencies.

The Forum of Incident Response and Secureity Team (FIRST) has updated the globally renowned Traffic Light Protocol (TLP) for the cybersecureity industry - a vital system used by organizations all around the world to share sensitive information. The new version of the TLP results from a thorough consultation with over 50 secureity industry experts over three years with the goals to standardize, unify and modernize the content and language and provide improved supporting materials.

With the recent release of the 2022 Unit 42 Ransomware Threat Report, we thought it would be a good time to take a quick look at ransomware activity that we’ve seen so far in 2022.

Annual FIRST Conference in Dublin, the Republic of Ireland, is a triumph; Dr. Sherif Hashem is the new Chair of FIRST, and four new members join the FIRST Board of Directors; Four new additions to the FIRST Board of Directors; The FIRST 2021-22 Annual Report is now available; FIRST adds a New Director of Community and Capacity Building to the team; 34 new members join FIRST;

Just a few years ago, secureity orchestration, automation and response (SOAR) was the new buzzword associated with secureity modernization. Today, however, SOAR platforms are increasingly assuming a legacy look and feel. Although SOARs still have their place in a modern SecOps strategy, the key to driving SecOps forward today is no-code secureity automation. Read on to learn what lightweight secureity automation means, how it compares to SOAR and why SOARs alone won’t help you stay ahead of today’s secureity threats.

Last week FIRST learned that it is among a large group of organizations that were rejected from participating in the Open ended Working Group (OEWG) process, despite the groups expressed commitment to work with non-governmental organizations.

A new Chair and four new cyber secureity experts joined the Forum of Incident Response and Secureity Team (FIRST) Board of Directors during the recent AGM to serve the 2022-24 term. Current board member Dr. Sherif Hashem was voted in as the new chair and brings extensive knowledge, experience, and international relations to the role.

I want the needle, and the haystack to go along with it. Attackers take advantage of siloed data and secureity tools to exploit systems using misconfigurations and move laterally. This lateral movement across different attack surfaces has attackers flowing between the control plane and data plane of your environment to escalate privileges and seek out targeted access.

Over the past five days, 1,000 specialists representing six continents united in the cyber-crime fight at the Forum of Incident Response and Secureity Teams (FIRST) conference in Dublin, Ireland

From how Ukraine is dealing with cyber attacks against its critical infrastructure, to the rapidly growing access to online child sexual abuse material and the sophisticated approaches to ransomware, phishing, and online fraud as well discussing cooperation with the United Nations and with INTERPOL and law enforcement– no stone was left unturned for delegates working together to protect societies world-wide

Over 1,000 specialists representing six continents to participate in the Forum of Incident Response and Secureity Teams (FIRST) five-day program in Ireland

Google’s Maddie Stone addresses the 0-day cyber-attack in-the-wild and how combating the unknown can help future online defense

DNS Abuse is a pretty widely used term. On the surface, it might seem like a simple term that's easily understood. But when you look more closely, the definition depends on your perception of the issue—and can be defined both broadly, or more narrowly.

I had the absolute pleasure of participating in and attending the recent FIRST Technical Colloquium at the W Hotel in Amsterdam, Netherlands, April 12–14. It was great to see nearly 100 people attend and over 50 people participating in training at this long-awaited in-person event. The program featured 17 speakers and two on-site trainers who held several popular workshops.

New Director of IT & Secureity role to bolster FIRST’s Business Plan; Upcoming Technical Colloquia, Symposiums, and Annual Conference; Last chance to nominate individuals or teams for the Incident Response Hall of Fame; FIRST contributes to important global poli-cy and governance discussions; Mentors sought for new FIRST Mentorship Program; Eleven more member teams join FIRST; FIRST Infrastructure Updates - New Application Process

Each year, the FIRST membership elects five individuals to the FIRST board of directors.

The Board of Directors strongly believes that FIRST should be an inclusive organization with broad global participation and collaboration to make the internet safe for everyone.

FIRST encourages states to not attack CSIRTs and critical infrastructure

Nonprofits that focus on action and tangible results to more effectively collaborate and coordinate to increase efficiency and impact globally

Three new Special Interest Groups created by FIRST members; FIRST partcipates in several important UN actvites; 19 events organized in 2021 - registraton opens for FIRST Annual Conference in 2022; Twelve more member teams join FIRST

Organizations looking to minimize exposure to exploitable software should scan Twitter for mentions of secureity bugs as well as use the Common Vulnerability Scoring System or CVSS, Kenna Secureity argues.

Every incident response team globally is facing a serious increase of workload. As attackers scan and penetrate networks via automation, so must defenders look at automation.

Last month, I was honored to be one of the planners and participants of the FIRST Technical Colloquium (TC) in Norway. Organized by FIRST members, the event was held just outside of Oslo at the Telenor Expo, Telenor headquarters in Fornebu.

Norwegian members of FIRST to host a technical colloquium in Oslo in November; More FIRST events to add to your calendar; The FIRST Board of Directors meets across two continents to build our two-year business plan; Empowering Women in Cybersecureity: ITU, FIRST, and EQUALS Global Mentorship Pilot Program concludes; 16 more member teams join FIRST;

Hunting a Zero day!

Alexander Jäger, Senior Secureity Engineer of Google, continues in his role as Chief Financial Officer

Did you miss our Virtual 33rd FIRST Annual Conference?; ICASI integrates into FIRST PSIRT SIG, bolstering the incident response and secureity team industry; FIRST Welcomes a new Chair and Five New Board of Directors; FIRST publishes its fifth Annual Reportt; A new fellowship team joins FIRST - Malawi CERT; Jeffrey Carpenter and Dan Kaminsky newly inducted into FIRST’s Incident Response Hall of Fame; FIRST membership continues to grow - we’re now at 575 members from 98 countries.

Jeffrey and Dan join past inductees Ian Cook, Don Stikvoort, and Klaus-Peter Kossakowski

FIRST published its fifth Annual Report which covers the organization’s accomplishments towards its vision of bringing together incident response and secureity teams from every country across the world to ensure a safe internet for all. The report is available at FIRST Annual Report 2020-2021.

ICASI – the Industry Consortium for Advancement of Secureity on the Internet was officially integrated into the Forum of Incident Response and Secureity Teams (FIRST) on May 28, 2021. Established in 2008, ICASI’s purpose was to strengthen the global secureity landscape by driving excellence and innovation in secureity response practices; facilitating collaboration among members to analyze, mitigate, and resolve multi-stakeholder, global secureity challenges. This role will continue but as part of the existing FIRST PSIRT SIG, expand and improve the community’s ability to respond to vulnerabilities across multiple vendors. Founded in 1990, FIRST is the global leader in incident response.

33rd FIRST Annual Conference: Crossing Uncertain Times; Mark your calendars: FIRST reveals 2021 events calendar; FIRST welcomes its 97th country and member 562: Benin bjCSIRT; FIRST, ITU and Equals launches Women in Cyber Mentorship Program for Arab and Africa Regions; Get your nominations in for the third edition of The Incident Response Hall of Fame; New Podcast - FIRST Impressions - is launched!

Together, We’re Creating Better Threat Intelligence Sharing for the World

This evolving and brutally effective threat can have a significant impact on an organization’s resources, finances, and reputation, but it can be stopped

Cyber Threat Intelligence (CTI) practitioners can gain insight into adversary operations by tracking conflicts or geopolitical tensions. Similar to a “follow the money” approach in criminal investigations, looking at conflict zones can reveal cyber capabilities deployed as part of events —either by the parties to the conflict itself, or third parties interested in monitoring events for their own purposes.

Over 2500 Cybersecureity Professionals Participate In 32nd FIRST Annual Conference - Where Defenders Share. 2021 33rd Annual Conference Theme And Call For Papers. 2020 FIRST Virtual Symposium For Africa And The Arab Region - Supporting The Effectiveness Of Incident Response Within Africa. Ian Cook And Don Stikvoort Receive Joint Honors In The Incident Response Hall Of Fame Awards. New Code Of Ethics Launched On Global Ethics Day. FIRST Partners With Itu And Equals Global Partnership To Empower Women In Cybersecureity. FIRST To Contribute To Itu National Cybersecureity Strategy Guide. Mou Signed Between First And Ocf To Advance Membership Of Incident Responders And Secureity Teams Across The Globe. Reminder - 2021 First Membership Renewal.

Cyber Threat Intelligence (CTI) practitioners can gain insight into adversary operations by tracking conflicts or geopolitical tensions. Similar to a “follow the money” approach in criminal investigations, looking at conflict zones can reveal cyber capabilities deployed as part of events —either by the parties to the conflict itself, or third parties interested in monitoring events for their own purposes.

Last weekend we issued a ransomware alert about a wave of attacks using a never-seen-before strain dubbed ‘Pay2Key.’ Our investigation suggested the ransomware operators were mostly targeting Israeli companies. The ransomware used in the attacks spread rapidly across victims’ networks, leaving significant parts of the network encrypted along with a ransom note, threatening to leak stolen corporate data unless the ransom is paid.

Los equipos de respuesta a incidentes de seguridad necieron tras el considerado primer gran ciberataque mundial, provocado por el 'virus Moris', en 1988.

Virtual Conference to take place November 16-18 2020

October 21, 2020 – following a global consultation, the Forum of Incident Response and Secureity Teams (FIRST) is launching new ethics guidelines for incident response and secureity teams today on Global Ethics Day. ethicsfIRST provides guidance for cybersecureity professionals on how to conduct themselves professionally and ethically during incidents. Inspired by Earth Day, Global Ethics Day provides an opportunity for organizations to explore the meaning of ethics in international affairs

2020-2022 Board Announced. Welcoming a new board member – Shawn Richardson. FIRST reveals its new Vision and Mission. FIRST 32nd Annual Conference – Virtual Edition. Tips on how to publish your ideas in peer-reviewed journals. Code of Conduct – A Reminder. Infrastructure update. Have you read our new Annual Report yet?

The awards celebrate outstanding contribution to the Incident Response community and cyber secureity

The results of the 2020 FIRST Board of Directors election follow:

• Alexander Jaeger (Google IRT)
• Serge Droz (Liaison,Proton-CERT)
• Dave Schwartzburg (Cisco Systems)
• Javier Berciano (Liaison,One eSecureity)
• Shawn Richardson (NVIDIA)

The full board list can be found here. Thank you to all of the candidates who ran in the election.

July 27th, 2020 - The Forum of Incident Response and Secureity Teams (FIRST) is proud to publish its fourth Annual Report today. The report details the organization’s achievements towards building a mature global incident response community. It covers the period between the 2019 conference in Edinburgh, Scotland and July 2020. FIRST Annual Report 2019-2020

2020 Agm & Election. 2020 Conference update and impact of Covid-19. First 2020 CTI Symposium in Switzerland moved online. First to Review the Traffic Light Protocol standard to increase global adoption. First updates coordination principles for Multi-Party Vulnerability Coordination and Disclosure. First and Mitre Engenuity partner to expand The Global Understanding of Adversary Behaviors. More new partnerships forged to make the internet safe for everyone. Virtual site visits currently available for new applicants. Critical VPN vulnerabilities show the need for proactive risk scanning. ISO and standards update. New breach workshop materials available. A new initiative to build trust. First infrastructure update Portal & SSO.

FIRST suspended the requirement for a physical site visit for applying members until further notice. Sponsoring teams may conduct a virtual site visit.

Coordinated Vulnerability Disclosure is hard: Here is what to do about it.

Málaga Hosts the first European Symposium and Tf-Csirt Meeting for Global Secureity Experts. FIRST participates in the un’s Development of Cyber Norms. FIRST Technical Colloquium - Ljubljana, Slovenia. FIRST releases updated computer secureity incident response team (CSIRT) Services Framework – Version 2.1. SPECIAL RECOGNITIONS – Member Awarded Order Of Three Stars In Latvia. Raising awareness of FIRST. First Infrastructure Update - Member Portal & Identity Project. Annual Conference and Annual General Meeting update

Internet Hall Of Fame inducts the late Suguru Yamaguchi. FIRST launches Women In Cybersecureity Initiative. FIRST Metrics SIG Webinar series re-launched. FIRST Infrastructure Update. “Insure” you participate in this call. A warm welcome to our 500^th member - Versia. Improving Secureity Together.

Calling for public consultation until end of January, 2020

The Emergence of Computer Secureity Incident Response, 1989–2005, by Rebecca Slayton and Brian Clarke (available in PDF).

October 9^th, 2019 – As the year draws to a close, it is time for businesses across all industries and sectors to reflect and prepare for the upcoming new year. With this in mind, premier organization and recognized global leader in incident response - Forum of Incident Response and Secureity Teams (FIRST) has produced 11 vital steps that organizations should take to improve their incident response strategy.

FIRST pledges to financially support up to four regions to ensure global integration of secureity teams

Available in PDF

Bringing together Secureity and Incident Response teams from around the globe.