Published: Jul 21, 2017
Author: admin_sec

We have three announcements to make concerning VERIS. The first announcement is easy and more of an amendment than something new; we’re redefining the VERIS acronym. We previously defined VERIS as the “Verizon Enterprise Risk and Incident Sharing” framework, but having “Verizon” in the title purportedly raised some eyebrows and perhaps hindered adoption. Additionally, VERIS is less of an “Enterprise Risk” framework as it is a tool for creating information to be used within a risk management framework. So, after quite a bit of discussion, we are redefining VERIS as the:

Vocabulary for Event Recording and Incident Sharing

We felt this acronym more accurately captures what VERIS is: a common language to describe the series of events comprising a security incident and share this information with others. VERIS exists for this purpose, and we strongly believe that data collection, analysis, and sharing is hands down the best use of our collective resources moving forward.

Our second announcement comes from the realization that VERIS is at the point in its maturation process where it would benefit from more community involvement. In a series of steps in that direction, we are kicking off veriscommunity.net as a centralized source for all things VERIS. We are in the process of moving over the original wiki to this location, and we’ll make announcements there as other things get moving. One of those things you should know about is that we’ve put a beta XML schema and related resources on github that we hope will aid you in your VERIS development efforts. Consider it the primary source if you are developing or implementing VERIS-based tools.

We also wanted to help the communication between those adopting and adapting VERIS, so we’ve set up a VERIS Community mailing list that you can join to interact with other users and developers.  Please, visit the new site, sign up, and contribute!

The third announcement concerns a wrong that we’re going to start making right. When we first released VERIS, one of the main goals was to foster information sharing in the security industry (a common language being an essential part of that). As a follow-up to that, we launched the VERIS Community application to provide an actual mechanism for reporting and sharing incident data. We published some initial findings a few months later based on community submissions, but we have otherwise failed to follow through on the all-important “sharing” piece.

Part of that is due to time constraints. Part is due to the underwhelming amount and quality of submissions. Part is due to our indecision on how best to share contributed data back with the community. We could go on, but the important thing is that we believe in this and we’re going to fix it.

From now on, every valid submission to the VERIS Community application will be added to a dataset that is publicly accessible. We have created a dashboard that will allow you (for free) to view and manipulate VERIS Community data to whatever purpose you desire. It’s your data, and we apologize for taking so long to make it useful to you.

We do need to make one caveat, however. The dataset that is currently available should be considered more like test records than something to drive next year’s security decisions. In reviewing the submissions, it is apparent that a number of these are test cases (please be sure to check the box indicating this next time!) or bogus entries (unless there really was a meteor strike that somehow led to malware infections and unauthorized access), or faulty selections (we’ll create some better training materials to address this). All that to say – consider this mainly as a chance to give us feedback on how we can make this interface to your data more useful and beneficial to you (assuming it’s populated with better data).

In addition to inspiring feedback, we hope this inspires you to become more active in the VERIS Community - especially in contributing (anonymous) incident information. We’re excited to see where this leads, and glad to be able to play a part in making “incident sharing” more than just a nice concept.