| CARVIEW |
- About FIRST
- Mission Statement
- Strategy Framework
- History
- Sustainable Development Goals
- Organization
- FIRST Policies
- Anti-Corruption Policy
- Antitrust Policy
- Bylaws
- Board duties
- Bug Bounty Program
- Code of Conduct
- Conflict of Interest Policy
- Document Record Retention and Destruction Policy
- FIRST Press Policy
- General Event Registration Refund Policy
- Guidelines for Site Selection for all FIRST events
- Identity & Logo Usage
- Mailing List Policy
- Media Policy
- Privacy Policy
- Registration Terms & Conditions
- Services Terms of Use
- Standards Policy
- Statement on Diversity & Inclusion
- Translation Policy
- Travel Policy
- Uniform IPR Policy
- Whistleblower Protection Policy
- Partnerships
- Newsroom
- Procurement
- Jobs
- Contact
- Membership
- Initiatives
- Special Interest Groups (SIGs)
- SIGs Framework
- Academic Security SIG
- AI Security SIG
- Automation SIG
- Cybersecurity Communications SIG
- Common Vulnerability Scoring System (CVSS-SIG)
- CSIRT Framework Development SIG
- Cyber Insurance SIG
- Cyber Threat Intelligence SIG
- Curriculum
- Introduction
- Introduction to CTI as a General topic
- Methods and Methodology
- Priority Intelligence Requirement (PIR)
- Source Evaluation and Information Reliability
- Machine and Human Analysis Techniques (and Intelligence Cycle)
- Threat Modelling
- Training
- Standards
- Glossary
- Communicating Uncertainties in CTI Reporting
- Webinars and Online Training
- Building a CTI program and team
- Curriculum
- Detection Engineering & Threat Hunting SIG
- Digital Safety SIG
- DNS Abuse SIG
- Stakeholder Advice
- Detection
- Cache Poisoning
- Creation of Malicious Subdomains Under Dynamic DNS Providers
- DGA Domains
- DNS As a Vector for DoS
- DNS Beacons - C2 Communication
- DNS Rebinding
- DNS Server Compromise
- DNS Tunneling
- DoS Against the DNS
- Domain Name Compromise
- Dynamic DNS (as obfuscation technique)
- Fast Flux (as obfuscation technique)
- Infiltration and exfiltration via the DNS
- Lame Delegations
- Local Resolver Hijacking
- Malicious registration of (effective) second level domains
- On-path DNS Attack
- Stub Resolver Hijacking
- Detection
- Code of Conduct & Other Policies
- Examples of DNS Abuse
- Stakeholder Advice
- Ethics SIG
- Exploit Prediction Scoring System (EPSS)
- FIRST Multi-Stakeholder Ransomware SIG
- Human Factors in Security SIG
- Industrial Control Systems SIG (ICS-SIG)
- Information Exchange Policy SIG (IEP-SIG)
- Information Sharing SIG
- Law Enforcement SIG
- Malware Analysis SIG
- Metrics SIG
- NETSEC SIG
- Public Policy SIG
- PSIRT SIG
- Red Team SIG
- Security Lounge SIG
- Security Operations Center SIG
- Threat Intel Coalition SIG
- Traffic Light Protocol (TLP-SIG)
- Transportation and Mobility SIG
- Vulnerability Coordination
- Vulnerability Reporting and Data eXchange SIG (VRDX-SIG)
- Women of FIRST
- CCB Initiatives
- FIRST CORE
- Internet Governance
- IR Database
- Fellowship Program
- Mentorship Program
- IR Hall of Fame
- Victim Notification
- Volunteers at FIRST
- Previous Activities
- Special Interest Groups (SIGs)
- Standards & Publications
- Events
- Education
- Blog
FIRST History
In November 1988, a computer security incident known as the "Internet worm" brought major portions of the Internet to its knees. Reaction to this incident was isolated and uncoordinated, resulting in much duplicated effort, and in conflicting solutions. Weeks later, the CERT* Coordination Center was formed. Soon after, the United States Department of Energy formed the Computer Incident Advisory Capability (CIAC) to serve its constituents.
Over the next two years, the number of incident response teams continued to grow, each with its own purpose, funding, reporting requirements, and constituency. The interaction between these teams experienced difficulties due to differences in language, timezone, and international standards or conventions. In October 1989, a major incident called the "Wank worm" highlighted the need for better communication and coordination between teams.
The FIRST was formed in 1990 in response to this problem. Since that time, it has continued to grow and evolve in response to the changing needs of the incident response and security teams and their constituencies.
By 2002, the Internet had grown from 60,000 host computer systems to 150 million in nearly all countries in the world (see Internet Domain Survey at the Internet Software Consortium). Many companies now rely on the Internet in their daily business transactions. Incident response and security teams continue to form around the globe, covering a range of constituencies from whole countries, to multi-national organizations. The FIRST membership consists of teams from a wide variety of organizations including educational, commercial, vendor, government and military.
FIRST members growth by year*
| Region | 1990 | 1991 | 1992 | 1993 | 1994 | 1995 | 1996 | 1997 | 1998 | 1999 | 2000 | 2001 | 2002 | 2003 | 2004 | 2005 | 2006 | 2007 | 2008 | 2009 | 2010 | 2011 | 2012 | 2013 | 2014 | 2015 | 2016 | 2017 | 2018 | 2019 | 2020 | 2021 | 2022 | 2023 | 2024 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Africa | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 1 | 2 | 3 | 3 | 4 | 7 | 7 | 7 | 12 | 15 | 14 | 16 | 19 | 23 | 27 | 28 | 31 |
| Asia | 0 | 0 | 0 | 1 | 1 | 1 | 1 | 1 | 4 | 4 | 4 | 5 | 7 | 16 | 16 | 19 | 24 | 26 | 31 | 34 | 39 | 47 | 52 | 52 | 55 | 56 | 68 | 79 | 90 | 95 | 108 | 113 | 114 | 120 | 131 |
| Central America | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 1 | 1 | 1 | 1 | 1 | 0 | 0 | 1 | 2 | 2 | 3 | 4 | 4 | 5 | 5 | 6 | 10 | 13 | 15 | 21 | 25 | 34 |
| Europe | 0 | 0 | 3 | 6 | 7 | 11 | 14 | 16 | 21 | 27 | 31 | 41 | 49 | 21 | 44 | 51 | 57 | 70 | 70 | 87 | 95 | 102 | 111 | 119 | 129 | 130 | 152 | 166 | 192 | 217 | 232 | 252 | 282 | 291 | 339 |
| Middle East | 0 | 0 | 0 | 0 | 0 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 2 | 2 | 2 | 4 | 4 | 4 | 6 | 7 | 7 | 7 | 8 | 8 | 10 | 10 | 12 | 13 | 19 | 20 | 24 | 27 | 19 |
| North America | 5 | 7 | 11 | 15 | 18 | 23 | 30 | 35 | 39 | 43 | 49 | 58 | 70 | 82 | 87 | 87 | 90 | 61 | 66 | 64 | 71 | 71 | 69 | 75 | 84 | 85 | 90 | 92 | 98 | 105 | 105 | 112 | 119 | 121 | 110 |
| Oceania | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 1 | 2 | 2 | 3 | 3 | 4 | 5 | 6 | 7 | 7 | 8 | 9 | 9 | 10 | 8 | 8 | 7 | 8 | 8 |
| South America | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 3 | 4 | 5 | 6 | 7 | 7 | 9 | 9 | 8 | 9 | 11 | 12 | 15 | 17 | 18 | 22 | 26 | 27 | 35 | 42 | 46 | 55 | 58 | 66 |
| The Caribbean | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 1 | 1 | 2 | 2 | 2 | 2 | 3 | 3 | 3 | 4 | 7 |
| Total | 5 | 7 | 14 | 22 | 26 | 36 | 46 | 53 | 65 | 75 | 85 | 108 | 132 | 126 | 156 | 168 | 182 | 174 | 183 | 202 | 227 | 247 | 262 | 285 | 312 | 316 | 369 | 404 | 450 | 503 | 549 | 592 | 652 | 682 | 745 |
(*) The statistic measurement method and regional breakdown changed in 2007.
- About FIRST
- Mission Statement
- Strategy Framework
- History
- Sustainable Development Goals
- Organization
- FIRST Policies
- Anti-Corruption Policy
- Antitrust Policy
- Bylaws
- Board duties
- Bug Bounty Program
- Code of Conduct
- Conflict of Interest Policy
- Document Record Retention and Destruction Policy
- FIRST Press Policy
- General Event Registration Refund Policy
- Guidelines for Site Selection for all FIRST events
- Identity & Logo Usage
- Mailing List Policy
- Media Policy
- Privacy Policy
- Registration Terms & Conditions
- Services Terms of Use
- Standards Policy
- Statement on Diversity & Inclusion
- Translation Policy
- Travel Policy
- Uniform IPR Policy
- Whistleblower Protection Policy
- Partnerships
- Newsroom
- Procurement
- Jobs
- Contact