The Importance of Credibility
The importance of the team's credibility cannot be emphasized strongly enough. One bad report, advisory, or action can be detrimental to the entire team's credibility and the damage can take years to repair. Team credibility is a result of a combination of effectiveness, integrity, professionalism, timeliness, ethics, consistency, and the ability to deal with incidents discreetly, among several other factors. If the team's credibility is damaged, members of the team's constituency will lose faith in the team and stop relying on those personnel for support in responding to incidents. For this reason, advice should not be provided unless vulnerabilities and patches have been fully tested and verified. It can almost go without saying—the incident response team must practice what it preaches. In other words, the incident response team's own tools must be patched, maintained, and well managed so as to prevent incidents.
The CERT Coordination Center provides an excellent example of protecting team credibility. The center will not issue an advisory without first fully testing the vulnerabilities and patches in its lab to verify the steps that are recommended. Given the number of computer vulnerabilities that continue to appear, a team could do nothing but issue vulnerability alerts or advisories on a daily basis. To underscore the seriousness of a vulnerability discussed in a CERT CC advisory, the coordination center will issue alerts only on vulnerabilities that are considered very serious and may potentially affect multiple computer systems. When CERT CC does issue an advisory, it will include an MD5 checksum for patches that are recommended for downloading. This step is also part of integrity protection, providing an added check that lets administrators who are downloading a patch confirm that the file they received is the patch the advisory intended.
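
The administrator's side of that check, as an added example that is not taken from the original text or from CERT CC: it reads the checksums published in an advisory and compares them with the digest of each downloaded patch, refusing any file the advisory does not list. The advisory line format (`MD5 (name) = digest`), the file names, and the sample contents are assumptions constructed for illustration.

```python
import hashlib
import hmac
import io
import re

# Assumed advisory format: one "MD5 (patch-name) = <32 hex digits>" line per patch.
CHECKSUM_LINE = re.compile(
    r"^\s*MD5 \((?P<name>[^)]+)\) = (?P<digest>[0-9a-fA-F]{32})\s*$", re.M)

def parse_advisory_checksums(advisory_text):
    """Return {patch name: lowercase MD5 hex digest} for every checksum line."""
    return {m["name"]: m["digest"].lower()
            for m in CHECKSUM_LINE.finditer(advisory_text)}

def md5_of_stream(stream, chunk_size=65536):
    """Hash a binary stream in chunks so large patches are never loaded whole."""
    digest = hashlib.md5()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

def verify_patch(name, stream, published):
    """Return 'ok', 'mismatch', or 'unlisted' for one downloaded patch."""
    expected = published.get(name)
    if expected is None:
        return "unlisted"  # fail closed: no published checksum, no trust
    actual = md5_of_stream(stream)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"

def check_downloads(advisory_text, downloads):
    """Verify every downloaded patch (name -> bytes) against the advisory."""
    published = parse_advisory_checksums(advisory_text)
    return {name: verify_patch(name, io.BytesIO(data), published)
            for name, data in downloads.items()}

# Constructed sample advisory; the digest is the MD5 of the bytes b"abc".
SAMPLE_ADVISORY = """\
Advisory EXAMPLE-0001 (constructed sample)
Recommended patch:
MD5 (example-fix.patch) = 900150983cd24fb0d6963f7d28e17f72
"""

if __name__ == "__main__":
    downloads = {
        "example-fix.patch": b"abc",    # matches the published checksum
        "not-in-advisory.patch": b"x",  # advisory never mentions this file
    }
    for name, status in check_downloads(SAMPLE_ADVISORY, downloads).items():
        print(f"{name}: {status}")
```

The check is only as trustworthy as the channel the advisory itself arrived through, so the checksum should be read from the advisory and not from the site hosting the patch.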