SIGIIV Activity - Meetings of Product Security Teams

Next meeting

2005 November 16

Oracle, Redwood Shores, CA

This is an activity of FIRST Special Interest Group - Internet Infrastructure Vendors. For all information on these events please contact Damir Rajnovic <>.

The goal is to bring together product security teams and enable them to exchange their experiences and best practices. This includes teams that are either handling technical or coordination aspects of product security. The field of product security is unique in the sense that it is not related only to a specific technical challenges (e.g., testing, programing) but also includes aspects of project management, legal and managerial issues.

These meetings are open to all vendor teams irrespective if the are members of SIGIIV or FIRST or not. Relevant guests are also welcomed. However, the SIGIIV moderators can use their discretion and refuse participation if necessary.

Second meeting 2005-November, USA - Call for papers

The second meeting of Product Security Teams will be held in 2005-Nov-16 and will be hosted by Oracle at Redwood Shores, California, USA. The meeting is adjecent to FIRST Technical Colloquia.

Attendees are invited to submit papers, tutorials or propose panel session, on any of topic of interest. Topics of interest include, but are not limited to:

Technical topics:

Legal topics:

Managerial/operational topics:

All submition should be sent to Damir Rajnovic <> no later then 2005-Aug-31. The submition should have the subject line "PSTM - Paper submission" and must contain the type of the proposal (paper, discussion), duration (if not specified 45 minutes is the default), abstract and contact details (e-mail and telephone number). Submitters will be notified no later then Sep-15.

Tentative agenda and attendees

Currently the following organizations either confirmed their presentations or expressed interest to present during the event. Topics and presenters are tentative and subject to change.

Time Activity
TBD Welcome, Damir Rajnovic, Cisco Systems
TBD CERT/CC processes during vulnerability coordination, Art Manion, CERT/CC
TBD JPCERT/CC processes during vulnerability coordination, Yurie Ito, JPCERT/CC
TBD Usage of OVAL in producing security Advisores, Masato Terada, Hitachi Ltd.
TBD OVAL markup scheme, MITRE
TBD Legal aspects of handling product vulnerabilities, Tara Flanagan, Cisco Systems

Further information will be posted as they becomes available.

Previous meetings

Last update on 2005-Sep-06