New Consortium Formed to Address Security Vulnerabilities

Group seeks to establish standards for protecting IT infrastructures.

• By Matt Migliore
• 10/09/2002

The alliance—which includes such notable technology companies as Microsoft Corp., Network Associates, Oracle Corp. and Symantec—is proposing to institutionalize methods for protecting Internet users.

Launched in late September, the initiative is called The Organization for Internet Safety (OIS). Its goal is to set in place a system of standard processes to allow security vulnerabilities to be addressed in a way that reduces the dangers they pose to “critical infrastructures.”

Currently there are no widely accepted industry best practices for reporting and managing security vulnerabilities. According to OIS, the absence of such a unified method makes it difficult for security researchers and vendors to efficiently resolve security issues, and keep Internet users and security professionals informed and equipped with the most up-to-date tools.

OIS will receive guidance from an advisory board consisting of network security managers from around the world. The board will work to identify the security needs of Internet users and infrastructure providers. Board members, who have yet to be named, will be nominated by the OIS founders and will serve a one-year term.

OIS expects to announce its advisory board in early 2003, shortly after which it plans to release its first set of guidelines for handling security vulnerabilities.

Founding members of OIS include @stake, BindView Corp., Caldera International, Inc. (The SCO Group), Foundstone, Guardent, Internet Security Systems, Inc., Microsoft Corp., Network Associates, Oracle Corporation, SGI and Symantec.