[Bp_certs] About types of CERTs

[Damir Rajnovic]

Hi all,

It seems to me that I have joined mid-stream into this thread
a few days ago so I am probably missing the initial context.

This is fascinating discussion but I have one very simple
question which is about importance of being "national CERT"? 
(sorry, could not help myself)

A team can call itself whatever they like - national, CNI,
semi-national or Exalted CERT for Official Monster Raving Loony 
Party - all that it matters is what is their constitency. If
an incident involves that constituency (or a subset of it),
then that team is who you need.

I can understand that for the team itself there might be a
significance if it can attach a specific title to itself because
then the team can get more funding or prestige. But is that
really what is important? We can certainly list all known
names and we can invent a few more but what is the end goal?

Thank you,

Gaus

On Thu, Jul 24, 2014 at 05:29:02PM +0000, Andrew Cormack wrote:
> And to those trying to reach out to a particular CSIRT role in 
> another country. In theory you should be able to tell the 
> difference from the 'constituency' definition in RFC2350, but 
> I suspect it'd be easier to have distinct names for each role 
> so that 'national CERTs' could flag up which they were.




==============
Damir Rajnovic <gausix at gmail.com>
Telephone: +44 7825 049 500
==============
There are no insolvable problems. 
The question is can you accept the solution? 


Incident Response and Product Security
http://www.ciscopress.com/bookstore/product.asp?isbn=1587052644