80 Fig 1. TWCERTCC incident response classification
2.2. Research and provide vulnerability information
To promote system and network security and reduce damage from intrusion, TWCERTCC is devoted to strengthen services, to publish latest security issues,
to provide security documentstools, vulnerability patch information and security related documents download, and actively research attackdefense technologies.
Year 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008
Advisory 186
178 172
258 142
197 140
138 119
49
Table2. TWCERTCC Advisory statistics
Fig 2. TWCERTCC Advisory classification
81
2.3. Mailing list subscription
TWCERTCC has collected and compiled security documentations and the advisories from various foreign hardware and software companies. The
information has been evaluated and translated into the localized language, the staff dispatches to the Taiwan publicity to achieve the synchronicity of worldwide
circulating information as soon as possible. In addition, the monthly TWCERTCC Newsletters include special columns on the latest network security information,
technologies, or skills to raise the awareness of network security in Taiwan.
2.4. Security related information providing
TWCERTCC researches, analyzes and develops technology and training aimed at helping administrators to secure their systems and networks. TWCERTCC
irregularly provides security related information, such as security tools, advisory, vulnerability remediation, technology documents, for the multitude and
security-conscious users to enhance security education and consciousness.
2.5. Remote Security Auditing System maintain
Systems or applications bugs and vulnerabilities are exploited to cause most incident events and unauthorized access. TWCERTCC established an on-line
Security Auditing System to provide customers self-check system vulnerabilities and patch without downloading installingupgrading any software. Security
Auditing System is a fortification of risk management tools, which is as important as firewall, anti-virus software and IDS. Security auditing system helps
administrators understand the potential vulnerabilities and threats of their administrative domain. By continuing research and development, TWCERTCC
Security Auditing System will provide better and convenient service to accomplish the following design goals:
A. Convenience User-friendly interface and easy-to-use
Flexible configuration and setup B. Reliability
Reliable and efficient scan C. Integrity
Graphical statistical report Suggested and related advisories in the report
2.6. Localized Vulnerability Database maintaining