Jericho Forum, the pan-industry security think-tank, is considering its way forward after reaching what members describe as a "crossroads" in its mission to persuade suppliers to improve the security of their software.
In 2004, Jericho Forum set out to devise better approaches to information security for organisations that use technology to become more interlinked.
It was successful in attracting top level members from the user community, including Boeing and Rolls-Royce. But representation from information security product suppliers has lacked stellar quality, said David Lacey, a Jericho Forum founder and former head of information security at Royal Mail.
Although firms such as IBM and Hewlett-Packard have been very supportive, some key suppliers, such as Microsoft, have stopped short of formal membership, even though they have tracked Jericho Forum's work closely.
All Jericho Forum information is free to access. Product developers could use the information when designing their next generation of software. Although elements of Jericho Forum's work have started to appear in commercial products, its members feel that, overall, suppliers have been slow to take up their principles and ideas. "Just because they cannot build it, it does not mean we do not want it," said Lacey.
The lack of top-level engagement by suppliers appears to have placed Jericho Forum "at a crossroads", said Lacey. To move on, Jericho Forum is likely to require a full-time executive to support the volunteer effort that has sustained it up to now. Lacey and John Meakin, a Jericho Forum board member and group head of information security at Standard Chartered Bank, acknowledged this. "We all have day jobs," said Meakin.
The options appear to be for the forum to raise money by beefing up marketing, raising membership fees and adding members, or for it to close down. It is opting to seek new funds.
A Jericho Forum conference in New York on 11 September 2007 will be a "sales pitch" to attract more US members to join, said Meakin.
The event will feature Microsoft architect Carl Ellison, and Nishant Kaushik, principal architect of Oracle's identity management section, among others.
Jericho Forum has run a series of successful conferences and has published 14 position papers that cover IT security issues, from basics to digital rights management.
Meakin said Jericho Forum still needed to flesh out some of the existing position papers, but the major new work is to develop guidelines for new situations, such as federated identity management in a collaborative environment.
Jericho Forum first came to prominence for its work on "deperimeterisation". The idea was that corporate firewalls did not work well technically, and that they did not mirror business reality.
"While traditional security solutions, such as network boundary technology, will continue to have their roles, we must respond to their limitations," said a Jericho Forum report.