Training to Improve Support of Product SecurityGaus Rajnovic of FIRST on New Demands for Incident Response
The Forum of Incident Response and Security Teams recently announced the release of new training resources to help organizations build and improve product security incident response teams. Damir "Gaus" Rajnovic of FIRST discusses the global need for these resources.
Rajnovic, a Panasonic U.K. executive who serves on the board of directors of FIRST, says the latest action comes as a result of recent incidents involving the inherent insecurity of manufactured products; it's in direct support of Version 1.0 of the new PSIRT Framework.
The practice of product security is decades old, but takes on new importance because of the cybersecurity threat landscape, Rajnovic says in an interview with Information Security Media Group.
"When we look at the attacks that are happening on various organizations and systems, most of those attacks are happening because of [product] vulnerabilities," he says. "If we have vendors who are better equipped to notice those vulnerabilities before a product is shipped, that would prevent some or many of the attacks that are happening."
In this interview (see audio link below photo), Rajnovic discusses:
- The need for these new training resources;
- The tie-in to the new PSIRT Framework;
- What to expect when this framework is released later this year.
Rajnovic has been involved in the computer security arena since 1993, working on incident response, coordination and product security. He currently works for Panasonic and is a member of the board directors and CFO of the Forum of Incident and Security Teams.