Security vendors join forces

This year’s RSA conference in Europe has offered a new way to improve security software by joining vendors’ efforts. The ones involved in this are Microsoft, EMC, Symantec, Juniper Networks and SAP. The new organization will be called SafeCode and it will have two or three communities: one of them will be technical in nature another dealing with matters at a public policy level and action groups, that are supposed to "reach out" to the government, academia and critical infrastructure providers. Contrary to what most people may think (and with good reason), it will supposedly not be an organization for the sole reason of lobbying.

“It’s not a standards body or a lobbying organisation, but by promoting the individual best practices of firms we get the greatest chance to improve overall best practices. The issue right now is how to triage the problem and find the most important things to work on together,” said Paul Kurtz of the Cyber Security Industry Alliance (CSIA).

Mr.Kurz was not persuaded to answer the question whether SafeCode is something that will stand against governmental legislation according to which security vendors could be held liable. Instead of this compelling answer, Kurtz quickly said that the UK and the EU would find such an organization welcome.

Not everyone was fully convinced whether SafeCode is needed. The argument that in order for it to be effective, the organization would have to gain a critical mass of vendors to join, has been thrown around. “Otherwise the hackers will start targeting those vendors who aren’t members or who have weaker processes,” said analyst Jon Collins. Others simply don’t believe in the sanctity of SafeCode’s purposes and think that there should in fact be laws that enforce security vendor liability, before there is an organization that can try stopping that from happening.

The future will show, what SafeCode has given us.

Articles