
The Forum of Incident Response and Security Teams (FIRST) is a global forum of incident response and security teams. They aim to improve cooperation between security teams on handling major cybersecurity incidents. FIRST is an association of incident response teams with global coverage. The 2018 Report of the United Nations Secretary-General's High-Level Panel on Digital Cooperation noted FIRST as a neutral third party which can help build trust and exchange best practices and tools during cybersecurity incidents.


History

FIRST was founded as an informal group by a number of incident response teams after the WANK computer worm highlighted the need for better coordination of incident response activities between organizations during major incidents. It was formally incorporated in California on August 7, 1995, and moved to North Carolina on May 14, 2014.


Activities

In 2020, FIRST launched EthicsFIRST, a code of ethics for incident response teams. Annually, FIRST offers a Suguru Yamaguchi Fellowship, which helps incident response teams with national responsibility gain further integration with the international incident response community. It also maintains an Incident Response Hall of Fame, highlighting individuals who contributed significantly to the incident response community.

FIRST maintains several international standards, including the Common Vulnerability Scoring System (CVSS), a standard for expressing impact of security vulnerabilities; the Traffic Light Protocol for classifying sensitive information; and the Exploit Prediction Scoring System, an effort for predicting when software vulnerabilities will be exploited.

FIRST is a partner of the International Telecommunication Union (ITU) and the Department of Foreign Affairs and Trade of Australia on cybersecurity. The ITU co-organizes with FIRST the Women in Cyber Mentorship Programme, which engages cybersecurity leaders in the field and connects them with women worldwide. Together with the National Telecommunications and Information Administration, FIRST also publishes guidelines for multi-party vulnerability disclosure, in scenarios such as the Heartbleed vulnerability in OpenSSL.

In 2019, the Wall Street Journal reported Huawei Technologies Co. had been suspended from the Forum of Incident Response and Security Teams due to changes to US technology export restrictions. In 2017, a NATO-style coalition of 41 states, including all Gulf Cooperation Council states, intended to work closely with FIRST to heighten levels of cybersecurity cooperation.


Internet governance implications

In his study of Internet governance, Joseph Nye identified FIRST as an "incident response regime", supporting global cyber activities. Political scientists focused on international security have considered organizations such as FIRST to be transparency and confidence-building measures in cyberspace, "elements of international policy that reduce threats, build trust, and make relationships between states more predictable". The FIRST community has also been considered an example of "science diplomacy", as its technical community offers a means of navigating tensions in a way political actors are not able to.

