| CARVIEW |
- About FIRST
- Mission Statement
- Strategy Framework
- History
- Sustainable Development Goals
- Organization
- FIRST Policies
- Anti-Corruption Policy
- Antitrust Policy
- Bylaws
- Board duties
- Bug Bounty Program
- Code of Conduct
- Conflict of Interest Policy
- Document Record Retention and Destruction Policy
- FIRST Press Policy
- General Event Registration Refund Policy
- Guidelines for Site Selection for all FIRST events
- Identity & Logo Usage
- Mailing List Policy
- Media Policy
- Privacy Policy
- Registration Terms & Conditions
- Services Terms of Use
- Standards Policy
- Statement on Diversity & Inclusion
- Translation Policy
- Travel Policy
- Uniform IPR Policy
- Whistleblower Protection Policy
- Partnerships
- Newsroom
- Procurement
- Jobs
- Contact
- Membership
- Initiatives
- Special Interest Groups (SIGs)
- SIGs Framework
- Academic Security SIG
- AI Security SIG
- Automation SIG
- Cybersecurity Communications SIG
- Common Vulnerability Scoring System (CVSS-SIG)
- CSIRT Framework Development SIG
- Cyber Insurance SIG
- Cyber Threat Intelligence SIG
- Curriculum
- Introduction
- Introduction to CTI as a General topic
- Methods and Methodology
- Priority Intelligence Requirement (PIR)
- Source Evaluation and Information Reliability
- Machine and Human Analysis Techniques (and Intelligence Cycle)
- Threat Modelling
- Training
- Standards
- Glossary
- Communicating Uncertainties in CTI Reporting
- Webinars and Online Training
- Building a CTI program and team
- Curriculum
- Detection Engineering & Threat Hunting SIG
- Digital Safety SIG
- DNS Abuse SIG
- Stakeholder Advice
- Detection
- Cache Poisoning
- Creation of Malicious Subdomains Under Dynamic DNS Providers
- DGA Domains
- DNS As a Vector for DoS
- DNS Beacons - C2 Communication
- DNS Rebinding
- DNS Server Compromise
- DNS Tunneling
- DoS Against the DNS
- Domain Name Compromise
- Dynamic DNS (as obfuscation technique)
- Fast Flux (as obfuscation technique)
- Infiltration and exfiltration via the DNS
- Lame Delegations
- Local Resolver Hijacking
- Malicious registration of (effective) second level domains
- On-path DNS Attack
- Stub Resolver Hijacking
- Detection
- Code of Conduct & Other Policies
- Examples of DNS Abuse
- Stakeholder Advice
- Ethics SIG
- Exploit Prediction Scoring System (EPSS)
- FIRST Multi-Stakeholder Ransomware SIG
- Human Factors in Security SIG
- Industrial Control Systems SIG (ICS-SIG)
- Information Exchange Policy SIG (IEP-SIG)
- Information Sharing SIG
- Law Enforcement SIG
- Malware Analysis SIG
- Metrics SIG
- NETSEC SIG
- Public Policy SIG
- PSIRT SIG
- Red Team SIG
- Security Lounge SIG
- Security Operations Center SIG
- Threat Intel Coalition SIG
- Traffic Light Protocol (TLP-SIG)
- Transportation and Mobility SIG
- Vulnerability Coordination
- Vulnerability Reporting and Data eXchange SIG (VRDX-SIG)
- Women of FIRST
- CCB Initiatives
- FIRST CORE
- Internet Governance
- IR Database
- Fellowship Program
- Mentorship Program
- IR Hall of Fame
- Victim Notification
- Volunteers at FIRST
- Previous Activities
- Special Interest Groups (SIGs)
- Standards & Publications
- Events
- Education
- Blog
CVSS-SIG team
CVSS v2 is the result of collaboration between dozens of security professionals, representing commercial, non-commercial and academic sectors. We would like to acknowledge those who contribute to this industry-standard effort. They are:
-
David Ahmad
Symantec -
Peter Allor
IBM ISS -
David Arbeitel
Lumeta -
Troy Bollinger
IBM -
Jerry Bongard
CSC Australia -
Barrie Brook
Unisys -
Mike Caudill
Cisco -
Steven Christey
Mitre -
Anton Chuvakin
Qualys -
Jim Duncan
BB&T -
Gerhard Eschelbeck
Webroot -
Bill W Evans
Computer Sciences Corporation -
Ron Gula
Tenable Network Security -
Seth Hanford
Cisco -
Luann Johnson
IBM ISS -
Tim Keanini
nCircle Network Security -
Brian Laing
Redseal -
Art Manion
Cert/CC -
Raffael Marty
ArcSight -
Peter Mell
NIST -
Mark Menkhus
HP Software Security Response Team -
Tanyette Miller
Booz Allen Hamilton -
Mike Murray
nCircle Network Security -
Gunter Ollmann
IBM ISS -
Gavin Reid
Cisco -
Sasha Romanosky
Carnegie Mellon University -
Karen Scarfone
NIST -
Michael Scheck
Cisco -
Mike Schiffman
Cisco -
Robin Sterzer
Cisco -
Masato Terada
Information-Technology Promotion Agency Japan -
George Theall
Tenable Network Security -
Andrew Wright
Cisco -
Tadashi Yamagishi
Information-Technology Promotion Agency Japan -
Marina Kidron
Skybox Security
- Common Vulnerability Scoring System (CVSS-SIG)