This book is really two books in one. The first six chapters are about forming and running a computer incident response team. Starting with Chapter 7, "Product Security Vulnerabilities," the book is devoted to managing product security vulnerabilities. The two subjects share a book because they are connected: attackers use security vulnerabilities to compromise a device, so removing vulnerabilities from a product makes it far more resilient to attack.
For many companies, incident response is new territory. Some companies do not have incident response teams (IRTs). Some would like to have them but need guidance to start, and others would like to improve existing practices. Today, only a handful of companies have mature and experienced teams. For that reason, this book provides guidance on both creating and running an effective incident response team. Organizations that are evaluating whether to invest in an IRT, or that are starting to build one, will find the information in this book invaluable in understanding the nature of the threats, justifying resources, and building an effective IRT. Established IRTs will also benefit from the best practices highlighted for building IRTs and from the information on the current state of incident handling, incident coordination, and legal issues. In an ideal world, this book could provide the right answer for how to handle every incident; however, because every situation is unique, this book strives instead to help you ask the right questions.
The same holds for managing product security vulnerabilities. The sad truth is that many vendors prefer to live in denial rather than face the facts: they would rather cover up information about vulnerabilities than remove the problem. Only a handful of responsible vendors do the right thing and face the problem rather than hide from it. Other vendors should follow their lead, establish their own product security teams, join the community, and start making a difference. This is especially important because the protocols underpinning the Internet are starting to show their age. We are now witnessing a rise in the number of vulnerabilities that affect these basic protocols (such as DNS, TLS, and TCP), and these vulnerabilities affect virtually every device that can be connected to the Internet. Vendors without product security teams cannot react properly, or at all, to these vulnerabilities, and they leave their customers exposed. Ultimately, vendors ignore product security at their own peril, because customers will move away from them to vendors who know how to manage vulnerabilities.