Professional handling of product security vulnerabilities.
When it comes to security vulnerabilities in one’s own products, professional and appropriate handling very often decides whether a potential issue becomes a problem or even a PR disaster for the company. If a security researcher wants to report a product vulnerability, the right place for the report is a Product Security Incident Response Team, PSIRT for short.
The main function of a PSIRT is to act as a qualified body for reporting security vulnerabilities in products, solutions and services of the respective company and to ensure their proper handling.
Originally, Product Security Response Teams were mainly founded by larger Internet/network infrastructure/software vendors; the first departments of this kind were created at Cisco, Adobe and Microsoft, for instance. Now that security research is also focusing on industrial systems, industrial vendors are increasingly being forced to professionalize their vulnerability management efforts, as they have to deal with the multitude of vulnerabilities announced by researchers/hackers.
Limes Security is able to provide customers with this particular expertise and advice on building and deploying PSIRTs, which is unique in the market. Thomas Brandstetter, founder of Limes Security, was also founder and first head of the Siemens Product Cyber Emergency Readiness Team in 2011. Limes Security has coached and supported numerous multinational companies in Europe/Asia through its expert know-how on PSIRTs.
Limes offers the following PSIRT services to industrial manufacturers in particular:
- Advice on setting up and establishing Product Security Incident Response Teams
- Development of templates for typical PSIRT processes
- Evaluation, coaching and improvement of existing PSIRT teams
- Fire Drill exercises for Product Security Incident Response Teams
Interested in kicking off or improving your own PSIRT? Contact us!