ICASI – the Industry Consortium for Advancement of Security on the Internet was officially integrated into the Forum of Incident Response and Security Teams (FIRST) on May 28 2021.
Established in 2008, ICASI’s purpose was to strengthen the global security landscape by driving excellence and innovation in security response practices; facilitating collaboration among members to analyze, mitigate, and resolve multi-stakeholder, global security challenges.
This role will continue but as part of the existing FIRST PSIRT SIG, expanding and improving the community’s ability to respond to vulnerabilities across multiple vendors. Founded in 1990, FIRST is the global leader in incident response.
For more than 10 years, ICASI has led the way in advancing multi-vendor coordinated vulnerability disclosure, introducing the Common Vulnerability Reporting Framework (CVRF) standard, developing the principles of a Unified Security Incident Response Plan (USIRP), helping to create the Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure, and modeling a trust group of industry leaders that successfully coordinated multi-vendor responses to numerous security incidents.
With the goal of continuing these successes, and securing broader participation across the global community, ICASI will dissolve as an independent organization and transfer all its assets to FIRST.
Klee Michaelis, Chair of ICASI says: “ICASI and FIRST have enjoyed a close relationship with members of ICASI already participating in FIRST activities, working together on advancing vulnerability management and coordinated disclosure. Closely aligning the knowledge and experience of ICASI with the FIRST community will enable the continued evolution of vulnerability disclosure.”
First board member Shawn Richardson says: “We are really pleased to have ICASI become part of FIRST. This development strengthens our services and capabilities and enhances the incident response industry as a whole.”
Pete Allor, Co-Chair of the PSIRT SIG says: “It’s great to have ICASI as part of the FIRST Community as we can expand our coordinated response to vulnerability issues affecting components across multiple vendors affecting many ecosystems. We look forward to defining and expanding our Incident Response best practices and collective response for use globally.”