Software suppliers are to work with IT departments to develop ways
of protecting commercial software from hacking, denial of service
attacks and other security vulnerabilities.
Bill Goodwin
IT directors are being urged to join suppliers in an initiative
that will collate details of real-life security problems, analyse
them, propose solutions and share good security practices.
Provisionally known as the Information Security Trusted Sharing
Alliance, the initiative will offer IT departments advice on how
best to configure their systems and provide suppliers with data to
improve the security of their products.
"There are a lot of products out there that say they are
bullet-proof and they are on a standalone basis," said Tim Conway,
policy director of the Computing Services & Software
Association (CSSA). "The problem is that once you connect them
together, there are a whole range of interactions. We have to look
at these interactions to make products more secure."
Members of the alliance, which aims to be up and running by
September, will use a secure Internet site to exchange anonymous
reports of security breaches, including details of their hardware
and software configurations.
A team of experts will analyse the reports, recommend solutions
and look for patterns and trends that could help IT departments to
configure their systems against hackers and will enable software
suppliers to secure their products more effectively.
"The driving force is to have a mechanism for the various
different interests associated with security and good Web practice
to get together and work in a positive way. They will share
sensitive information that could indicate technical problems," said
Conway.
The group aims to provide IT departments with a list of dos and
don'ts for their particular hardware and software
configurations.
It will also look at ways to help IT departments distinguish
between nuisance hackers, such as graffiti artists, and hackers
with serious criminal intentions.
The UK alliance follows the creation of a similar alliance by
the Information Technology Association of America in January, which
brought together 19 large IT suppliers.
Although there are a number of closed UK groups devoted to
sharing security information in specific industry sectors, such as
finance and banking, there is no mechanism to share information
widely across industries.
The CSSA, which published a business plan for the initiative
this week, is seeking comments on its proposals from IT
directors.
infosec@cssa.co.uk
bill.goodwin@rbi.co.uk