Security alliance will share user intelligence

Software suppliers are to work with IT departments to develop ways of protecting commercial software from hacking, denial of...

Software suppliers are to work with IT departments to develop ways of protecting commercial software from hacking, denial of service attacks and other security vulnerabilities.

Bill Goodwin

IT directors are being urged to join suppliers in an initiative that will collate details of real-life security problems, analyse them, propose solutions and share good security practices.

Provisionally known as the Information Security Trusted Sharing Alliance, the initiative will offer IT departments advice on how best to configure their systems and provide suppliers with data to improve the security of their products.

"There are a lot of products out there that say they are bullet-proof and they are on a standalone basis," said Tim Conway, policy director of the Computing Services & Software Association (CSSA). "The problem is that once you connect them together, there are a whole range of interactions. We have to look at these interactions to make products more secure."

Members of the alliance, which aims to be up and running by September, will use a secure Internet site to exchange anonymous reports of security breaches, including details of their hardware and software configurations.

A team of experts will analyse the reports, recommend solutions and look for patterns and trends that could help IT departments to configure their systems against hackers and will enable software suppliers to secure their products more effectively.

"The driving force is to have a mechanism for the various different interests associated with security and good Web practice to get together and work in a positive way. They will share sensitive information that could indicate technical problems," said Conway.

The group aims to provide IT departments with a list of dos and don'ts for their particular hardware and software configurations.

It will also look at ways to help IT departments distinguish between nuisance hackers, such as graffiti artists, and hackers with serious criminal intentions.

The UK alliance follows the creation of an similar alliance by the Information Technology Association of America in January, which brought together 19 large IT suppliers.

Although there are a number of closed UK groups devoted to sharing security information in specific industry sectors, such as finance and banking, there is no mechanism to share information widely across industries.

The CSSA, which published a business plan for the initiative this week, is seeking comments on its proposals from IT directors.

Read more on Antivirus, firewall and IDS products

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.