Our Independent Advisors Network

We understand the importance of being counselled and coached by people with more experience than ourselves in certain aspects of the business. Therefore, we have appointed a number of exceptional Independent Advisors from Security Research Labs, whose skills are complementary to our own.

Our 34 Independent Advisors are located in 9 countries.

Independent Advisors Network Membership

Our Independent Advisors Network is a community of highly experienced senior technical advisors who are active and influential in the Application Security domain and are members of FIRST teams.

  • Independent Advisors must have over 10 years of experience in Application Security, typically gained in a Cyber-Security Team, a Security Lab or a leading advisory or consultancy firm, and ideally as a buyer or supplier of outsourced services.

  • Independent Advisors have a wide range of skills and are capable of supporting all aspects of Application Security, such as security strategy, security tool selection, contract negotiation, solution definition, deal shaping, transition, transformation and ongoing Application Security management.

  • Independent Advisors often belong to a Security Research Lab or a CERT. We have Advisors in the American OSU Open Source Lab, the Italian PI-CERT, the Belgian NVISO Research Lab and CERT-EU, the German HRZ-CERT, CSIRT-Malta, the Dutch National Cyber Security Centre (NCSC) and the Spanish Valencia College’s Network Engineering Lab.

  • One of the objectives of the Independent Advisors Network is to increase individual member value by giving members an ear to, and a voice in, the Application Security industry that they would otherwise not enjoy.

  • Independent Advisors Network membership is by recommendation and invitation only.

Independent Advisors Bulletins

Our Independent Advisors Network is a voluntary network that constantly monitors endogenous and exogenous sources of information, collects and analyzes the data coming from them, and classifies that data according to the reliability of its source. All the information is gathered in a bulletin distributed to all interested parties, so that customers can be alerted in a very short time and given the details and suggestions needed to mitigate the vulnerabilities. Each member is in charge of reading many security bulletins from the following sources (among others):

For Application Security:
-- US-CERT current activity (e.g. "ACSC Releases Advisory on Emotet Malware Campaign")
-- EMR-ISAC InfoGram
-- CISA Community Bulletin
-- Cybersecurity and Infrastructure Security Agency (CISA) ICS Advisories
-- NCSA
-- SANS ICS Community
-- RedIRIS - Security Service (IRIS-CERT)
-- CERT-EU News Monitor
-- esCERT | inLab UPC
-- FIRST

For Vulnerable, Blacklisted, Discontinued, Deprecated and Obsolete Libraries/Frameworks:
-- Debian Security https://security-tracker.debian.org
-- Linux Security https://linuxsecurity.com/
-- RedHat Security https://access.redhat.com/security
-- Oracle Security Advisory https://www.oracle.com/technetwork/security-advisory
-- SuSe OVAL Descriptions https://www.suse.com/support/security/oval/
-- Ubuntu CVE Tracker https://people.canonical.com/~ubuntu-security/cve/main.html
-- Alpine Linux Security https://alpinelinux.org
-- CentOS Security https://www.centosblog.com/categories/security/
-- Microsoft Security Response Center https://portal.msrc.microsoft.com/en-us/security-guidance
-- OSS Index by Sonatype: https://ossindex.sonatype.org/
-- NVD by NIST: https://www.nist.gov/programs-projects/national-vulnerability-database-nvd
-- VulDB: https://vuldb.com/
-- Maven Central: https://mvnrepository.com/repos/central (Java, Scala, Kotlin)
-- NuGet Packages: https://www.nuget.org/packages (.NET)
-- PyPy compatibility: https://bitbucket.org/pypy/compatibility/wiki/Home (Python)
-- Common Weakness Enumeration (CWE): http://cwe.mitre.org/
-- CVE Details: https://www.cvedetails.com/

For community-driven 'Awesome' lists:
-- Awesome Java https://github.com/akullpp/awesome-java
-- Awesome .NET https://github.com/quozd/awesome-dotnet
-- Awesome Android https://github.com/JStumpp/awesome-android
-- Awesome C libraries https://github.com/kozross/awesome-c
-- Awesome C++ https://github.com/fffaraz/awesome-cpp
-- Awesome JavaScript https://github.com/sorrycc/awesome-javascript
-- Awesome TypeScript https://github.com/dzharii/awesome-typescript
-- Awesome Python https://awesome-python.com/ and https://pythonawesome.com
-- Awesome Ruby https://github.com/markets/awesome-ruby
-- Awesome Scala https://github.com/lauris/awesome-scala
-- Awesome Go https://github.com/avelino/awesome-go
-- Awesome PHP https://github.com/ziadoz/awesome-php
-- Awesome Swift https://github.com/matteocrippa/awesome-swift
-- Awesome iOS https://github.com/vsouza/awesome-ios
-- Awesome Kotlin https://github.com/KotlinBy/awesome-kotlin
-- Awesome Groovy libs https://github.com/kdabir/awesome-groovy
-- Awesome shell scripts https://github.com/alebcay/awesome-shell
-- Awesome R https://awesome-r.com
-- Awesome PowerShell https://github.com/janikvonrotz/awesome-powershell
-- Awesome AutoIt https://github.com/J2TeaM/awesome-AutoIt
-- Awesome Lua https://github.com/LewisJEllis/awesome-lua
-- Awesome Clojure https://github.com/razum2um/awesome-clojure
-- Awesome Erlang https://github.com/drobakowski/awesome-erlang
-- Awesome Rust https://github.com/rust-unofficial/awesome-rust

For libHunt service:
-- Java https://java.libhunt.com/
-- .NET https://dotnet.libhunt.com
-- Android https://android.libhunt.com/
-- C/C++ https://cpp.libhunt.com/
-- JavaScript/TypeScript https://js.libhunt.com/
-- Python https://python.libhunt.com
-- Ruby/Groovy https://ruby.libhunt.com/
-- Scala https://scala.libhunt.com/
-- Go https://go.libhunt.com/
-- PHP https://php.libhunt.com/
-- Swift https://swift.libhunt.com/
-- iOS https://ios.libhunt.com/
-- Kotlin https://kotlin.libhunt.com/
-- Rust https://rust.libhunt.com/

For license/legal issues, such as blacklisted licenses (strong copyleft included), license conflicts, license violations, suspicious licenses (modified or missing licenses) and poor man's copyright:
-- SPDX: https://spdx.org/
-- Open Source Initiative: https://opensource.org/licenses
-- GNU compatible license list: http://www.gnu.org/licenses/license-list.html
-- Creative Commons: https://creativecommons.org/share-your-work/licensing-considerations/compatible-licenses/
-- Comparison of FOSS licenses: https://en.wikipedia.org/wiki/Comparison_of_free_and_open-source_software_licenses
-- FLOSS license chart: https://dwheeler.com/essays/floss-license-slide.html

Independent Advisors Deliverables

Every member investigates all reports of security vulnerabilities affecting programming languages, vulnerable components, libraries and frameworks, and releases an Early Warning mail thread with a smart document attached. This is part of the ongoing effort to help us manage and create new security rules and keep our products up to date.


COPYRIGHT (C) 2015-2024 SECURITY REVIEWER SRL. ALL RIGHTS RESERVED.