A "Near Miss" Experiment for Cyber
We are exploring ways to learn from near misses in cybersecurity, and would like your help. (“We” includes Steve Bellovin, Adam Shostack, Blake Reid, Jonathan Bair and Andrew Manley.)

Below is a form designed to gather information about a near miss. By ‘near miss’ we mean an incident where an attack of some form was partially successful, but something stopped it from being a full-fledged incident which you’re required to report to regulators or customers. We ask about these because they are success stories, and we believe they are easier to discuss. Work in many other domains leads us to believe that studying near misses can be fruitful.

The information you provide us will be treated in confidence. We will not release any details we believe identify you or allude to your identity. (For example, there will be no references to “A large software company in Redmond, Washington.”) We will take the information gathered, and report on what we can learn from it.

We call the idea the “Cybersecurity Safety Reporting System” in a nod to the NASA-operated Aviation Safety Reporting System.

Everything about this is an experiment, and we look forward to your feedback.

Tell us about a near miss, not an incident being litigated or under criminal or regulatory investigation.

Never submit passwords through Google Forms.
This content is neither created nor endorsed by Google. Report Abuse - Terms of Service - Additional Terms