Vendor Teams
Many operating system vendors such as Sun Microsystems, Microsoft, and Hewlett Packard operate their own incident response teams. These vendor-based teams are special cases, insofar as they do not provide most of the services that other response teams do. Instead, they serve as the vendor’s security analysts when new vulnerabilities are reported in their products. To be fair, some vendor teams also serve as internal teams for their company, but this section specifically refers to vendor vulnerability teams. When product vulnerabilities are discovered or reported to the vendor, the team typically does the following:
- Documents the vulnerability
This should include recording all of the technical details of the vulnerability such as platforms affected, versions, patches/configuration issues, exploitation details, and symptoms.
- Verifies the vulnerability
This usually involves replicating the environment in which the vulnerability was first reported, setting up instrumentation to closely observe the system’s behavior, and attempting to exploit the vulnerability.
- Determines the cause of the vulnerability
Once validated, the team has to determine the causes of the vulnerability in order to recommend an appropriate course of action. How did the problem occur? Where did it occur in the system? This is a forensic process in which a system is painstakingly analyzed, and usually requires a highly skilled and knowledgeable staff.
- Recommends a course of action
The vendor management ...
Get Incident Response now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.