| Introduction | Spirit | History | Technology | Human Resource | Formation |  |
 |
Spirit
Facing cyber security with a spirit of coordination
Speed. Accuracy. Tenacity.
The essence of coordination lies in striking a balance between these seemingly contradictory elements.
Just after 5 a.m. Japan time, an incident is identified in Washington D.C. At JPCERT/CC, we immediately start collecting information, find the software exploit code suspected to be the cause, and get to work on analysis. Five hours later at 10 a.m., we have already grasped the situation, and we start coordinating with relevant parties to prepare to release information. It is around noon when we release a security alert to the Japanese public. This whole process is conducted in about half a day. It is said that malicious attacks are carried out in a matter of days after a vulnerability is published. In other words, speed is of the essence in thwarting attacks.
Delivering the right information to those who need it, in a world overflowing with information.
News reported by the media have a major social impact. When information is disseminated before it has been confirmed, that information takes on a life of its own, creates confusion, and often leads to a situation that works in favor of attackers. At JPCERT/CC, we release appropriate information such as Early Warnings and Security Alerts on a timely basis. On CISTA[1], a portal site run by JPCERT/CC to enable registered organizations to access and exchange security-related information, we emphasize information exchange between related parties, instead of simply providing information. JPCERT/CC aims to strengthen the defense capabilities of the community as a whole by serving as a hub and sharing analysis results.
[1] Collective Intelligence Station for Trusted Advocates
Connecting researchers, vendors, and users through the power of coordination.
Vulnerabilities are security weaknesses that lie hidden in software and hardware systems. Cyber attacks are carried out by exploiting undiscovered and unaddressed vulnerabilities. Herein lies the meaning of coordination that mediates between those who discover vulnerabilities and product vendors. JPCERT/CC follows the spirit of researchers working on this problem, and notifies product vendors of reported vulnerability and negotiates with them. Then the product vendors deliberate countermeasures based on that information and release vulnerability information to the users. Vulnerability information is published on the product vendors' websites and on a website jointly run by JPCERT/CC and IPA[2] called JVN.[3]
[2] Information-technology Promotion Agency, Japan
[3] JPCERT/CC is a vulnerability coordinating body prescribed in the "Standards for Handling Vulnerability-related Information of Software Products and Others " (the Ministry of Economy, Trade and Industry's Public Notice No. 19 of 2017) and the "Public Notice to Designate Receiving Bodies and Coordinating Bodies" (the Ministry of Economy, Trade and Industry's Public Notice No. 20 of 2017).
| Introduction | Spirit | History | Technology | Human Resource | Formation | |
|
