Shostack + Friends Blog Archive

 

VERIS Community Incident Reporting

PEOPLE OF EARTH – The VERIS Community Application is out: Announcement here:  http://bit.ly/cDAUhy  Website here:  http://bit.ly/9dZwEJ  From Wade’s announcement:

If the VERIS framework describes what information should be shared, the VERIS application provides how to actually share it. Anyone wishing to classify and report an incident can do so responsibly and anonymously using the application. In taking the time to submit an incident, users directly contribute to the collective knowledge of the community AND will receive a useful “thank you” for their efforts. Upon submission, the application generates a report that compares the incident to others in the VERIS dataset along numerous metrics. These comparative analytics can be used by the submitter in whatever manner they choose; we hope it helps to better plan for an avoid similar incidents in the future.

Information submitted via VERIS will be shared with the community (that’s the point, right?). As the dataset grows, we will begin to roll out additional reports, analyses, portals, etc all having the goal of giving you access to the information you’ve provided. This is one of the reasons that ICSA Labs is hosting and participating in the VERIS application. They have over 20 years of experience facilitating collaboration and information sharing within the security community and the VERIS project will benefit from that legacy.

4 comments on "VERIS Community Incident Reporting"

  • Bill Frank says:

    Will the Veris database be accessible for independent analysis or do we have to depend on the Verizon DBIR? I am not taking a shot at Verizon Business, but it seems to me, independent analysis should be allowed.

  • Alex says:

    Hi Bill,

    I wish I had a “here’s the answer” for you. Short answer is that we will be releasing data back to everyone in regular increments. Long answer is we can’t really make up our minds as to how it will be released (in what format) and how frequently until we’re a bit into this. There’s a lot to consider.

  • Steve says:

    Look at adding this to your site…

    http://www.codebaby.com/policelp

    Steve

  • Bud Boocock says:

    I am not real good with English but I line up this very easy to read .

Comments are closed.