New Consortium Formed to Address Security Vulnerabilities

Group seeks to establish standards for protecting IT infrastructures.

Looking to establish a set of best practices for responding to security vulnerabilities, leading technology vendors, researchers and consultancies have joined together to form a new industry consortium.

The alliance—which includes such notable technology companies as Microsoft Corp., Network Associates, Oracle Corp. and Symantec—is proposing to institutionalize methods for protecting Internet users.

Launched in late September, the initiative is called The Organization for Internet Safety (OIS). Its goal is to set in place a system of standard processes to allow security vulnerabilities to be addressed in a way that reduces the dangers they pose to “critical infrastructures.”

Currently there are no widely accepted industry best practices for reporting and managing security vulnerabilities. According to OIS, the absence of such a unified method makes it difficult for security researchers and vendors to efficiently resolve security issues, and keep Internet users and security professionals informed and equipped with the most up-to-date tools.

OIS will receive guidance from an advisory board consisting of network security managers from around the world. The board will work to identify the security needs of Internet users and infrastructure providers. Board members, who have yet to be named, will be nominated by the OIS founders and will serve a one-year term.

OIS expects to announce its advisory board in early 2003, shortly after which it plans to release its first set of guidelines for handling security vulnerabilities.

Founding members of OIS include @stake, BindView Corp., Caldera International, Inc. (The SCO Group), Foundstone, Guardent, Internet Security Systems, Inc., Microsoft Corp., Network Associates, Oracle Corporation, SGI and Symantec.

About the Author

Matt Migliore is regular contributor to He focuses particularly on Microsoft .NET and other Web services technologies. Matt was the editor of several technology-related Web publications and electronic newsletters, including Web Services Report, ASP insights and MIDRANGE Systems.