Jericho Forum, the pan-industry
security think-tank, is considering its way
forward after reaching what members describe as a "crossroads" in
its mission to persuade suppliers to improve the security of their
software.
In 2004, Jericho Forum set out to devise better approaches to
information security for organisations that use technology to
become more interlinked.
It was successful in attracting top-level members from the user
community, including Boeing and Rolls-Royce. But representation
from information security product suppliers has lacked stellar
quality, said David Lacey, a Jericho Forum founder and former head
of information security at Royal Mail.
Although firms such as IBM and Hewlett-Packard have been very
supportive, some key suppliers, such as Microsoft, have stopped
short of formal membership, even though they have tracked Jericho
Forum's work closely.
All Jericho Forum information is free to access. Product
developers could use the information when designing their next
generation of software. Although elements of Jericho Forum's work
have started to appear in commercial products, its members feel
that, overall, suppliers have been slow to take up their principles
and ideas. "Just because they cannot build it, it does not mean we
do not want it," said Lacey.
The lack of top-level engagement by suppliers appears to have
placed Jericho Forum "at a crossroads", said Lacey. To move on,
Jericho Forum is likely to require a full-time executive to support
the volunteer effort that has sustained it up to now. Lacey and
John Meakin, a Jericho Forum board member and group head of
information security at Standard Chartered Bank, acknowledged
this. "We all have day jobs," said Meakin.
The options appear to be for the forum to raise money by beefing
up marketing, raising membership fees and adding members, or for it
to close down. It is opting to seek new funds.
A Jericho Forum conference in New York on 11 September 2007 will
be a "sales pitch" to attract more US members to join, said
Meakin.
The event will feature Microsoft architect Carl Ellison, and
Nishant Kaushik, principal architect of Oracle's identity
management section, among others.
Jericho Forum has run a series of successful conferences and has
published 14 position papers that cover IT security issues, from
basics to digital rights management.
Meakin said Jericho Forum still needed to flesh out some of the
existing position papers, but the major new work is to develop
guidelines for new situations, such as federated identity
management in a collaborative environment.
Jericho Forum first came to prominence for its work on
"deperimeterisation". The idea was that corporate firewalls did not
work well technically, and that they did not mirror business
reality.
"While traditional security solutions, such as network boundary
technology, will continue to have their roles, we must respond to
their limitations," said a Jericho Forum report.