CSIRT Tooling: Best Practices in Developing, Maintaining and Distributing Open Source Tools

The role of a CSIRT (Computer Security Incident Response Team) is key in information society and especially to improve cyber security in their constituencies and beyond. To achieve this, CSIRTs often have significant operational constraints such as limited budgets (in many settings, CSIRTs are considered cost centers), a bound number of resources or/and overloaded staff members . Tooling, such as software or tools used in day-to-day activities in Digital Forensic, Incident Response and Threat Intelligence, offers CSIRTs to operate more efficiently the processing of constant flow of information and act in a timely manner (such as notifying victims, reporting, information sharing at European or International level or investigating technical evidences). In the document, a set of best practices is described to help CSIRTs to develop, maintain and distribute existing or new Open Source tools.

Document

• Source of CSIRT Tooling: Best Practices in Developing, Maintaining and Distributing Open Source Tools
• PDF : CSIRT Tooling: Best Practices in Developing, Maintaining and Distributing Open Source Tools

Additional Documents

• Slides: CSIRT Tooling - Best Practices
• Tooling directory

Contributing

The CSIRT Tooling Best Practices is maintained by the Tooling WG of the CSIRT network. If you want to contribute by extending the list, fix issues or provide feedback, feel free to open an issue or do a pull-request on this repository.