Today marks another milestone in our long-term VERIS project to collect incident data and make it more available to the security community. For the past few years, we’ve published the Data Breach Investigations Reports, which present statistics based on forensic investigations conducted by our IR services. Last March, we publicly released the Verizon Enterprise Risk and Incident Sharing (VERIS) framework used to collect data for the DBIR series. VERIS provides a common language for classifying incidents and removes a long-term roadblock to the goal of more widely available information on security incidents.

Today we introduce the VERIS Community application, designed to make sharing such information possible and practical.

If the VERIS framework describes what information should be shared, the VERIS application provides how to actually share it. Anyone wishing to classify and report an incident can do so responsibly and anonymously using the application. In taking the time to submit an incident, users directly contribute to the collective knowledge of the community AND will receive a useful “thank you” for their efforts. Upon submission, the application generates a report that compares the incident to others in the VERIS dataset along numerous metrics. These comparative analytics can be used by the submitter in whatever manner they choose; we hope it helps to better plan for an avoid similar incidents in the future.

Information submitted via VERIS will be shared with the community (that’s the point, right?). As the dataset grows, we will begin to roll out additional reports, analyses, portals, etc all having the goal of giving you access to the information you’ve provided. This is one of the reasons that ICSA Labs is hosting and participating in the VERIS application. They have over 20 years of experience facilitating collaboration and information sharing within the security community and the VERIS project will benefit from that legacy.

We’re very excited about this launch and the direction it leads us. We hope you’ll examine the VERIS application and consider participating in this project.

Tags: Data Breach Report, DBIR, incidents, information sharing, VERIS

This entry was posted on Thursday, November 11th, 2010 at 2:50 pm and is filed under VERIS. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.