80 Fig 1. TWCERTCC incident response classification

2.2. Research and provide vulnerability information

To promote system and network security and reduce damage from intrusion, TWCERTCC is devoted to strengthen services, to publish latest security issues, to provide security documentstools, vulnerability patch information and security related documents download, and actively research attackdefense technologies. Year 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 Advisory 186 178 172 258 142 197 140 138 119 49 Table2. TWCERTCC Advisory statistics Fig 2. TWCERTCC Advisory classification 81

2.3. Mailing list subscription

TWCERTCC has collected and compiled security documentations and the advisories from various foreign hardware and software companies. The information has been evaluated and translated into the localized language, the staff dispatches to the Taiwan publicity to achieve the synchronicity of worldwide circulating information as soon as possible. In addition, the monthly TWCERTCC Newsletters include special columns on the latest network security information, technologies, or skills to raise the awareness of network security in Taiwan.

2.4. Security related information providing

TWCERTCC researches, analyzes and develops technology and training aimed at helping administrators to secure their systems and networks. TWCERTCC irregularly provides security related information, such as security tools, advisory, vulnerability remediation, technology documents, for the multitude and security-conscious users to enhance security education and consciousness.

2.5. Remote Security Auditing System maintain

Systems or applications bugs and vulnerabilities are exploited to cause most incident events and unauthorized access. TWCERTCC established an on-line Security Auditing System to provide customers self-check system vulnerabilities and patch without downloading installingupgrading any software. Security Auditing System is a fortification of risk management tools, which is as important as firewall, anti-virus software and IDS. Security auditing system helps administrators understand the potential vulnerabilities and threats of their administrative domain. By continuing research and development, TWCERTCC Security Auditing System will provide better and convenient service to accomplish the following design goals: A. Convenience  User-friendly interface and easy-to-use  Flexible configuration and setup B. Reliability  Reliable and efficient scan C. Integrity  Graphical statistical report  Suggested and related advisories in the report

2.6. Localized Vulnerability Database maintaining