Security chief backs alerts scheme

Government plans to issue early warnings of software vulnerabilities have been welcomed by John Meakin, group head of information security at Standard Chartered Bank and founder member of open standards user group the Jericho Forum.

The move would give firms with large international networks valuable extra time to fix their systems, he said.

Meakin is not happy with the current system, under which IT directors are kept in the dark about vulnerabilities while suppliers develop patches.

"The critical issue for all firms at the moment is that the time between a vulnerability being announced and an exploit being released on the web is shrinking. If the NISCC can deliver, it might just help us be better prepared for when the exploit finally comes out," he said.

"I am very uncomfortable with the current situation where we have a group of people, including the supplier and the security researcher, who may be aware of the vulnerability for six or nine months before people like myself in the front line of security in an organisation get any inkling."

Meakin said the NISCC's plans, if they worked, would be particularly helpful in advising companies of vulnerabilities that were unlikely to be patched because they are regarded as features of the product.

Stuart Okin, UK head of security at Microsoft, said, "General sharing of best practice and locking down configuration vulnerabilities is absolutely essential for a safe world. That is why we support the NISCC and the work that it is doing."
