
A Call for Responsible Disclosure Guidelines for the Information Security Industry.



Business/Technology Editors

HERNDON, Va.--(BUSINESS WIRE)--Aug. 13, 2001

TruSecure Expert Cites Code Red as Just the Latest Example of Malicious Code Fueled by Full Disclosure Policies

By the time Code Red launched on July 13, a plethora of information was available on the worm, including the type of system it could infect, how quickly the worm would propagate and even the way in which it exploited systems. The public was extremely well informed and could find any detail it wanted to know about what could have possibly become the Internet's most devastating malicious code threat to date. But was this a good thing?

Russ Cooper, surgeon general of TruSecure Corp. (www.trusecure.com), contends that full disclosure can actually help malicious code propagate and evolve into new strains. By making vulnerability and exploit information public before a software vendor can issue a patch and help customers secure their systems, organizations that practice full disclosure give hackers all the ammunition they need to launch a worm or virus.

Mr. Cooper believes that the industry must develop responsible disclosure guidelines, established with an independent governing body that could develop and enforce such policies. The Responsible Disclosure Forum would advise vendors on the seriousness of threats to their software before making the information public. This would allow vendors and customers ample time to patch the vulnerability and minimize the effectiveness of any exploits launched. The Forum could also serve as an information resource to the media, ensuring an objective opinion on the seriousness of a threat, helping to guarantee responsible and useful reporting.

Media interested in speaking with Mr. Cooper regarding the need for responsible disclosure, please contact Cynthia Smith of TruSecure Corp. at (703) 480-8509 or csmith@trusecure.com, or Siobhan Gallagher of Schwartz Communications at (781) 684-0770 or TruSecure@schwartz-pr.com.

About the Expert

Mr. Cooper is surgeon general of TruSecure Corp., and founder and moderator of the NTBugtraq Newsletter. NTBugtraq was established in 1997 and has grown to more than 30,000 subscribers. With more than 23 years of experience in the computer industry, he has worked as an independent consultant who specializes in Microsoft Windows NT(R), the Internet and security, with emphasis on securing the environment for Internet usage. He participates regularly with Microsoft in product design review, alpha, beta and service pack testing. Russ was also technical editor for Windows NT 5.0 Security authored by Jeff Schmidt.

About TruSecure Corporation

TruSecure provides global 10,000 companies with comprehensive enterprise risk-management programs that assure the ongoing security of their critical systems and information. By integrating disparate security products and processes into a comprehensive risk management program, TruSecure helps hundreds of companies achieve greater risk reduction at lower cost. TruSecure's ICSA(R) Labs is the security industry's central authority for product standards and testing, and today certifies more than 95% of the market's anti-virus software, network firewalls, cryptography and IPSec products. TruSecure's monthly magazine, Information Security(R), is the industry's leading trade publication. Based in Herndon, Va., TruSecure Corporation is privately-held with investors including J. & W. Seligman & Co., J.P. Morgan Partners, Weston Presidio Capital, Greylock and WaldenVC.

For more information about TruSecure please visit www.trusecure.com.

TruSecure, ICSA, and Information Security are registered trademarks of TruSecure Corporation. All other trademarks and service marks mentioned herein are property of their respective owners.
COPYRIGHT 2001 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2001, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.
