Resources
In addition to our corporate responsibilities, we strive to contribute to various initiatives and collaborative security projects in the industry. The following are just a few:SANS @RISK Critical Vulnerability Archives |
|
 |
Web: http://www.sans.org/newsletters/risk/ Main Contributors: Rohit Dhamankar, Rob King Delivered every Monday morning, @RISK first summarizes the three to eight vulnerabilities that matter most, tells what damage they do and how to protect yourself from them, and then adds a unique feature: a summary of the actions 15 giant organizations have taken to protect their users. @RISK adds to the critical vulnerability list a complete catalog of all the new security vulnerabilities discovered during the past week. Thus in one bulletin, you get the critical ones, what others are doing to protect themselves, plus a complete list of the full spectrum of newly discovered vulnerabilities. This is also the subscription list that receives SANS Flash Alerts when they come out two or three times a year. More than 130,000 people are subscribers. |
Zero Day Initiative (ZDI) |
|
 |
Web: http://www.zerodayinitiative.com The Zero Day Initiative (ZDI), founded by TippingPoint, represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. The program's goal is threefold: reward independent security research, promote and ensure the responsible disclosure of vulnerabilities and provide TippingPoint customers with the world's best security protection. The Zero Day Initiative is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint later provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. |
Voice over IP Security Alliance (VoIPSA) |
|
 |
Web: http://www.voipsa.org Main Contributors: David Endler History shows us that advances and trends in information technology typically outpace the corresponding realistic security requirements, which are often tackled only after these technologies are widely deployed. Voice over IP (VoIP) is no different. As VoIP's popularity increases, so will its exposure to current and emerging security threats. The Voice over IP Security Alliance (VOIPSA) aims to fill the void of VoIP security related resources through a unique collaboration of VoIP and Information Security vendors, providers, and thought leaders. VOIPSA's mission is to drive adoption of VoIP by promoting the current state of VoIP security research, VoIP security education and awareness, and free VoIP testing methodologies and tools. |
OpenRCE: Reverse Engineering Community |
|
 |
Web: http://www.openrce.org Main Contributors: Pedram Amini Founded in June of 2005, the Open Reverse Code Engineering community was created to foster a shared learning environment among researchers interested in the field of reverse engineering. OpenRCE aims to serve as a centralized resource for reverse engineers by hosting files, blogs, forums, articles and a unique collection of reference material. Reference materials include papers, a book store, anti reverse engineering database, IDA SDK development language reference, a database of packer analysis notes and a database mapping the call chains between popular Windows API. |
