CTA intelligence sharing is grounded in 5 guiding principles
FOR THE GREATER GOOD
We protect customers, strengthen critical infrastructure, and defend the digital ecosystem.
TIME IS OF THE ESSENCE
We prevent, identify, and disrupt malicious activity by rapidly sharing timely, actionable intelligence.
We reward context sharing to identify an indicator and provide useful information about it.
We attribute intelligence to the member who submits it, but anonymize any and all victim and sensitive data.
YOU MUST GIVE TO RECEIVE
We require all members to share a minimum amount of intelligence with the alliance to prevent the free-rider problem.
LEARN MORE ABOUT MEMBERSHIP TODAY
Join your peers in sharing cyber threat intelligence to better protect your customers and digital ecosystem.
CTA membership offers different tiers, with varying levels of financial contribution and governance involvement, to suit a diverse array of organizational needs and goals.
Average Total Observables Per Month
Observable Types Submitted (average)
33% Network Observables
7% Other Observables
Total Early Shares (in 3 years)
Cyber Kill Chain Diversity (average)
22% Command & Control
2% Actions on Objectives
OUR AREAS OF FOCUS
In addition to our topic-specific working groups that address ad hoc challenges or opportunities, CTA maintains several standing committees:
ALGORITHM & INTELLIGENCE
Oversees the sharing algorithm and platform to incentivize valuable sharing.
Supports new member recruitment and reviews all membership applications for approval.
Informs marketing and PR activities in support of the CTA’s mission and objectives.
PUBLIC POLICY & STANDARDS
Serves as an advocacy arm to inform policy initiatives.
FINANCE & AUDIT
Provides budget oversight and serves an internal audit function.
SECURITY & OPERATIONS
Enhances and secures the CTA Platform and infrastructure.
Cyber Threat Alliance Vulnerability Disclosure Policy
The CTA is committed to raising the level of cybersecurity across our digital ecosystem. In line with that mission, CTA believes that identifying, reporting, and addressing hardware and software vulnerabilities is an essential component of any organization’s cybersecurity program. The purpose of this policy is to foster an open partnership with the security researcher community, and we recognize the work that community does to improve cybersecurity for CTA, its Members, and the broader internet.