106 by developers against software they develop. In addition, there were 3 issues published to serve as technical alerts, based on publicly available information. In June 2010, JPCERTCC became a CVE Numbering Authority CNA. Since then, JPCERTCC has been releasing Japan Vulnerability Notes JVN and JVN iPedia entries that contain reserved CVE Identifier numbers. • JPCERTCC Weekly Report JPCERTCC publishes weekly reports on selected security information of the preceding week, including a useful tip which is relevant to current issues. • JPCERTCC on Twitter https:twitter.comjpcert Japanese https:twitter.comjpcert_en English Since January 2009, JPCERTCC has been providing information security related alerts via Twitter. • JPCERTCC Official Blog http:blog.jpcert.or.jp English Since September 2010, JPCERTCC has been providing security news related to Japan as well as activities happening at JPCERTCC on its English blog. In 2014, 18 articles were published.  Quarterly Activity Reports https:www.jpcert.or.jpreport Japanese https:www.jpcert.or.jpenglishdocreports.html English JPCERTCC publishes quarterly activity reports and studyresearch reports. Since August 2014, its English versions are also available.

2.4. Industrial Control System Security

Since 2008, JPCERTCC has been working on awareness-raising of the industrial control system ICS security in Japan. In January 2013, we extended our services on incident handling to ICS area. We have provided presentations at some seminars and support in cyber incident exercise to engineers of Japanese asset owners. We have also released an ICS security assessment tool “J-CLICS”, developed in collaboration with some experts from ICS vendors and asset owners. 107

2.5. Analysis Center

JPCERTCC has a research team to conduct technical examination and artifact analysis, including not only viruses and bots but also tools which can potentially be used with malicious intent. As the findings through the analysis are crucial in the course of incident handling, our Analysis Center is committed to enhance the analysis environment and its capability.

2.6. Education Public Awareness

• Secure Coding JPCERTCC provides secure coding seminars on CC++, Java and Android. • HTML 5 Security Report In 2014, JPCERTCC compiled a report entitled Investigation Report Regarding Security Issues of Web Applications Using HTML5 to provide organized material which could serve as a basis for technical documentation and guideline for secure web application development using HTML5. https:www.jpcert.or.jpenglishpubsrhtml5.html • Open DNS Resolver Check Site http:www.openresolver.jp Japanese http:www.openresolver.jpen English JPCERTCC released the “Open DNS Resolver Check Site” on 31 October, 2013. This web-based tool allows visitors to check whether the DNS server configured on their PC andor network device connecting to the site is running as an open DNS resolver or not.

2.7. TSUBAME Internet Threat Monitoring Data Sharing Project

The TSUBAME project is designed to collect, share and analyze Internet traffic data, in order to better understand the Internet threats in the Asia Pacific region. It deploys sensors widely in the region, collecting and sharing the data with all participating teams. The TSUBAME project aims to establish a common platform to promote collaboration among CSIRTs in the Asia Pacific region. TSUBAME Working Group is active in APCERT and observation results are exchanged among the teams. 108

2.8. Associations, Projects and Communities