All members of CCSS must meet at least one of the following criteria:

  • Security software vendor: The member organization must produce and distribute security software in the form of a firewall and/or anti-virus product. The security product must not be an OEM product of another provider or strictly rely on downloading or using signature files of another vendor.
  • Operating System: The member organization must have a product that is available to the general public and acts as an interface between the hardware and the user.
  • Browser: The member organization produces a software product intended for use by the general public for browsing the web securely.
  • New members shall be added by vote of the forum. However, such vote shall only be to determine if such proposed member meets the criteria above. Any company meeting one of the criteria above may join regardless of size, location, or market share.
  • New Members must adopt disclosure policies that are, at a minimum, comparable to the CCSS vulnerability disclosure guidelines.

Members may cancel their membership to CCSS at any time.

If your organization would like to join CCSS, please email us at