Products Security Incident Response: Key Strategies & Best Practices

Written by: Samuel Cure (CISO),

It is vital to take proactive steps to protect your products in today’s digital world. Despite having good security practices, there are still vulnerabilities that can slip through the cracks.

Organizations should therefore have an action plan in place to address any vulnerabilities found within their products.

Here is the place where Product Security Incident Response Team, (PSIRT), comes in to play.

The PSIRT is charged with identifying, assessing and rectifying vulnerabilities within a product or service.

To create a successful PSIRT, there are several best practices and key strategies. These strategies and best practices will ensure that you are prepared for any vulnerability.

The Five Best Practices in PSIRT

#1: Be Proactive

The clock starts ticking when a vulnerability is found. It is important that the PSIRT quickly initiates its response, notifying both internal and external stakeholders. Once a vulnerability has been shared with an organisation, responsibility and due diligence can begin to be measured. The PSIRT will then move on to the next phase. The response must be documented and logged. It should also preserve the chain of custody to all communications.

#2: Make sure you have a well-organized disclosure process

To raise awareness of potential affected parties, a may be required if a sighted vulnerability presents a serious threat to supply chains.

The organization is part of the U.S. Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency. These three mechanisms are effective in alerting all parties about CVDs:

  1. Inform internal stakeholders of the vulnerability, and give them the information they need to respond.
  2. To notify supply chain partners, use the .
  3. Consider sending advisories with Non-disclosure Agreements (NDAs) to the affected parties in case of vulnerabilities that involve proprietary code while you are initiating the CVD process.

To identify and share vulnerability information, supply chains must use a common language.

Common Vulnerabilities and Exposures is the best method to communicate this publicly. This standard also serves as a basis for public advisory. All vulnerabilities should have CVEs. These can be found in public forums (publications and conferences, etc.). CVDs.

#3. Clearly state your Embargo policy

Your embargo policy should be clear and openly defined. An embargo on a security problem means the vendor/discoverer will keep the information confidential for a period of time while the fix is in progress.

The best practice embargo duration is one to ten weeks. The severity of vulnerability should determine the length and duration of an embargo.

Vulnerabilities must be identified and tracked using the Common Vulnerability Scoring System.

This information should be available to your PSIRT so that customers can receive it as soon as possible via advisory publications.

#4: Work with Security Vendors and Researchers

In order to protect the supply chain, researchers and vendors of security tools are crucial partners. Researchers in cybersecurity search for weaknesses in hardware and software using the most up-to-date technology. Security vendors create new tools to identify vulnerabilities.

Your PSIRT identification process will be more effective if you have more information. You’ll also have more resources, knowledge and tools. To better integrate vulnerability viewing and advisory notifications with security vendors, establish collaborative relationships with researchers.

#5: Optimize your Investigations and Remediation Procedures

A thorough investigation is essential to ensure that affected codes are identified by the PSIRT and that customers can receive the information promptly. Each step of the investigation should be documented and measured.

Good PSIRTs should be equipped with a variety of automation and tools to identify vulnerable codes in products. Automating is required often to verify that all product versions and code libraries are being analyzed in order for a vulnerability sighting to be confirmed.

To ensure that the risks are appropriately managed, verification of remediation is essential. To ensure internal certification and approval of remediation, it is essential to have a formalized sign-off process.

You can be sure that customers are safe by ensuring all fixes and patches have been applied correctly.

An excellent PSIRT means better vulnerability management

These best practices will help your PSIRT to effectively detect and address product weaknesses. You can ensure the safety and satisfaction of customers and your partners by coordinating with other regional CERTS like US-CERT (CISA), CERT/CC (SEI) and others.

The is a good resource for PSIRTs. FIRST is a network of many security and incident response groups, from government and commercial sectors to academic and other.

AMI stands for Firmware Reimagined, which is ideal for modern computing. AMI is a leader in Dynamic Firmware, enabling the global computing ecosystem from the on-premises, cloud, and edge. AMI’s foundational technology is the best in the industry and the unwavering support of customers have created lasting relationships and fueled innovation for many top brands in high-tech. AMI also provides critical support to the Open Compute eco-system and is a member of many industry standards and associations, including the Unified EFI Forum, PICMG and National Institute of Standards and Technology, National Cybersecurity Excellence Partnership, NCEP, and the Trusted Computing Group em>

Written and sponsored by