30th IETF, 31st IETF, 32nd IETF, 33rd IETF, 34th IETF, 35th IETF, 36th IETF, 38th IETF, 39th IETF,
40th IETF, 41st IETF, 43rd IETF, 44th IETF, 45th IETF and 46th IETF

30th IETF, Toronto, Canada. - July 1994

Guidelines and Recommendations for Incident Processing (GRIP) BOF


The GRIP BOF meet to discuss forming a working group which would produce guidelines and recommendations for use when dealing with security related incidents. The scope was to produce recommendations suitable for use by response teams (RTs), Internet users and vendors of hardware and software products.

The participants decided that the scope of the BOF would address only security related issues rather than, e.g., legal issues such as use of the Internet for the commission of crimes and how to interact with law enforcement agencies. This should be thought about, and perhaps another effort can be spun off in a year when the issues in that area are better understood.

We need to define what an ``incident'' is (e.g., break-ins, denial of service attacks, etc). If we consider the attributes of integrity, confidentiality and availability, loss or attack on any one of these might be considered a ``security incident.''

The BOF felt that a working group should address response to incidents and what response teams (RTs) should do, rather than an education or prevention effort. It was felt that the Site Security effort would address this, and there there was already plenty of response activities going on.

Response Teams

Vendor Response Guidelines


The participants of the BOF agreed that there was sufficient interest in the issues discussed to establish a working group.

A mailing list,, will be set up. Requests to be added or removed should be sent to Any requests which are sent to the whole mailing list, rather than the request mailbox, will be cheerfully ignored. The attendees of this meeting will be automatically added to the mailing list.

The first order of business is to produce a charter for the working group and a schedule of milestones. This will be discussed on the mailing list.

Please send questions, comments, and/or suggestions regarding the GRIP working group to the open mailing list

All issues regarding these web pages should be directed to

These pages are hosted on and are provided on an "AS IS" basis without any explicite or implicite responsibility, liability, etc. (For a more fully understanding please refer to the legal statements within the Impressum, which is only available in German.)