Why CERTs are Important to the MSRC


Zot O’Connor

Program Manager 2

Taking on the enemy with partners, Automating processes, good scotch and bourbon

Poor reporting, FUD, miscreants, dangling participles

As I am traveling in Europe, about to attend the GOVCERT.NL Symposium 2008, I wanted to explain how we work with Guidance Providers (CERTs and similar groups) and why we consider them one of the most important segments in the ecosystem.

One of the problems facing our customers is that the MSRC is not the only communication channel. Often during an event or issue customers hear from many different players: researchers, vendors, other customers, press, governments, and of course CERTs. Our goal is to help the customer understand the issue and know what action, if any, they can or should take. So we work with all of these segments but often the message can get confused due to a lack of understanding, wording, and a, let’s call it, “desire for drama.” CERTs are unique in that they interact with most of the same players that we do, and they are typically focused on providing the best protections for their stakeholders. This means CERTs have influence in the same segments we work with.

In the past we found ourselves at odds with some CERTs’ messaging during events which only serves to confuse the customer, regardless of “who is right” (and often there is no one way to be “right”). Later, by building relationships, we have found that most of the time (if not all) the CERTs either did not understand the issues as we did, or, just as likely, we did not understand the issue as they did. By working with the CERTs we can help minimize the false conflict and confusion delivered to our customers. In order to do that we must step up and offer a channel to the CERTs where they can ask about the nuances and variations of an issue and we can listen. CERTs supply us with critical information about attacks, samples of exploits, and real world experience from their stakeholders. Some of the best value CERTs can offer us is a sanity check on what the customers are seeing, feeling and expecting.

So this week I am not just learning from the presentations and conversations, I am meeting with as many CERTs as I can. This is a great conference and people come, not just from Europe, but around the world. I am here to talk about the MSRC and what we do, but more importantly, I am hear to listen to what the CERTs are doing, what they are seeing, and what they expect from us.

– Zot O’Connor

*Postings are provided “AS IS” with no warranties, and confers no rights.*