One sourcing area that has become quite popular with organizations of every size are OSINT providers. Community groups and even commercial enterprises make threat intelligence available to the general public free of charge. Groups such SANS and US-CERT provide specific information on threats and vulnerabilities. Commercial providers such as Alien Vault provide an Open Threat Exchange (OTX) that allows a user community to share threat intelligence such as IOCs and TTPs. Other commercial organizations will provide whitepapers and reports on APT groups or strategic threat intelligence on emerging trends within the information security industry. Depending on the organization, OSINT is often very useful and provides a low-cost alternative ...