Many operating system vendors such as Sun Microsystems, Microsoft, and Hewlett Packard operate their own incident response teams. These vendor-based teams are special cases, insofar as they do not provide most of the services that other response teams do. Instead, they serve as the vendor’s security analysts when new vulnerabilities are reported in their products. To be fair, some vendor teams also serve as internal teams for their company, but this section specifically refers to vendor vulnerability teams. When product vulnerabilities are discovered or reported to the vendor, the team typically does the following:
This should include recording all of the technical details of the vulnerability such as platforms affected, versions, patches/configuration issues, exploitation details, and symptoms.
This usually involves replicating the environment in which the vulnerability was first reported, setting up instrumentation to closely observe the system’s behavior, and attempting to exploit the vulnerability.
Once the vulnerability is validated, the team has to determine its causes in order to recommend an appropriate course of action. How did the problem occur? Where did it occur in the system? This is a forensic process in which a system is painstakingly analyzed, and it usually requires a highly skilled and knowledgeable staff.
The vendor management ...