Security and IT Industry Leaders Form Organization for Internet Safety; New Alliance Will Propose Best Practices for Handling Security Vulnerabilities.
BOSTON--(BUSINESS WIRE)--Sept. 26, 2002
The Organization for Internet Safety (OIS), a unique alliance of leading technology vendors, security researchers and consultancies, today announced its formation. The OIS was formed to propose and institutionalize industry best practices for handling security vulnerabilities to ensure that security and technology vendors, and security researchers, can more effectively protect Internet users. Founding members of the OIS include @stake, BindView Corp., Caldera International, Inc. (The SCO Group), Foundstone, Guardent, Internet Security Systems, Inc., Microsoft Corp., Network Associates, Oracle Corporation, SGI and Symantec.
Currently, there are no widely accepted industry best practices for reporting and managing security vulnerabilities. The absence of common processes and best practices can make it extremely difficult for security researchers and vendors to efficiently resolve security issues and keep Internet users and security professionals informed and armed with the most up-to-date security tools. The OIS is founded on the principle that standardized, widely-accepted processes will allow security vulnerabilities to be handled in a way that reduces the dangers they pose and will help security vendors and researchers to more effectively protect Internet users and critical infrastructures.
OIS is actively working to develop guidelines for handling vulnerability information that will be useful for security researchers and technology vendors alike. The organization expects to release drafts of the standards in early 2003.
As part of the OIS, an Advisory Board is being formed that will consist of global network security managers, who can provide unique insight into the needs of computer users and infrastructure providers. The Advisory Board will work with the OIS to validate processes that the group develops. Advisory Board members will be nominated and approved by OIS members and will serve for one year. OIS expects to begin announcing Advisory Board members in early 2003.
"It's increasingly critical - to our critical infrastructure as well as to individual computer users - that security vulnerabilities be avoided when developing software, but where they occur they need to be found and eliminated as effectively as possible," said John Pescatore, Vice President for Internet Security at Gartner, Inc. "Industry-consensus processes are a needed step toward making this happen."
The OIS held its first official meeting at the RSA Conference 2002 in San Jose, Calif., in February. The group has completed its charter and bylaws, and is now working to prepare draft standards for vulnerability reporting. These standards will undergo public review before being finalized.
About the Organization for Internet Safety
The Organization for Internet Safety (OIS) is a unique alliance between leading technology vendors, security researchers and consultancies working to propose and institutionalize industry best practices for handling security vulnerabilities. The OIS was founded in September 2002 on the principle that standardized, widely-accepted processes will allow security vulnerabilities to be handled in a way that reduces the dangers they pose and will help security vendors and researchers to more effectively protect Internet users and critical infrastructures. Founding members of the OIS include @stake, BindView Corp. (Nasdaq: BVEW), Caldera International, Inc. (The SCO Group) (Nasdaq: SCOX), Foundstone, Guardent, Internet Security Systems, Inc. (Nasdaq: ISSX), Microsoft Corp. (Nasdaq: MSFT), Network Associates (NYSE: NET), Oracle Corporation (Nasdaq: ORCL), SGI (NYSE: SGI) and Symantec (Nasdaq: SYMC).