The National Information Advisory Council (NIAC) was formed by executive order in September 2002 and is charged with advising the US Department of Homeland Security and the President regarding the security of information systems and networks essential to the nation's critical infrastructure. A key task before the NIAC is to provide guidance on disclosing vulnerabilities, and a working group has been created to establish a framework for vulnerability disclosure, including specific recommendations to the President.
As part of its outreach and information-gathering efforts, the working
group is presenting a brief overview of the project during the Monday morning
General Session. Interested attendees are invited to contribute further via a
dialog during the ISP Security BOF at 7:30 Monday evening.
About the Presenter
Jim Duncan works in the Critical Infrastructure Assurance Group at Cisco Systems, where
he is a topic expert on incident response, vulnerability handling, and cyberthreat
assessment. Previously, Jim was an Incident Manager for the Cisco Systems Product
Security Incident Response Team (PSIRT) for four years, where he handled customer
security and product security vulnerabilities. In addition to his work with the NIAC
Vulnerability Disclosure WG, Jim currently works on proactive issues supporting other
incident response teams within Cisco. He is authoring an internal policy for
information sharing, and he actively contributes to external projects for several
Information Sharing and Analysis Centers (ISACs). In the background is a project to
adapt "Inter-NOC Dial By ASN" technology for inter-ISAC communications.
Jim contributed to RFC 1244, the Site Security Policy Handbook, co-authored a tutorial on building an incident response team for USENIX, and is a Liaison Member of the Forum of Incident Response and Security Teams. Prior to Cisco, Jim worked for Penn State University. He attended his first NANOG meeting at NANOG8, October 1996, in Ann Arbor.