DAILY NEWS AND INFORMATION FOR THE GLOBAL GRID COMMUNITY
Breaking News - Security:
Security Task Force Recommends Standards-Based Solutions
The National Cyber Security Partnership Task Force on Technical Standards and
Common Criteria released a report recommending strategies to reduce security
vulnerabilities through standards-based solutions and enhancements to existing
development, deployment and testing processes.
"The security-worthiness of software is essential to the protection and
operation of our nation's critical infrastructure. This report represents an
unprecedented effort by vendors, academics and other experts to take a
comprehensive look at the issue of technical security standards -- from
product configuration and documentation, to deployment, vulnerability testing,
certification and maintenance," said Mary Ann Davidson, chief security officer
at Oracle Corp., and co-chair of the Task Force on Technical Standards and
Common Criteria. "It's clear that to improve the security of deployed
software, vendors are going to have to step up and provide customers with
'secure by default' configurations and the tools to continuously validate and
maintain security configurations. In addition, the Task Force recommendations
will result in the kind of guidance and best practices geared toward making
developers, buyers and users of software more security savvy."
"While vendors can and must step up and take responsibility for providing more
secure products, the active support of government, user groups and consumers
is critical to our success," said Chris Klaus, CTO of Internet Security
Systems, and co-chair of the Task Force. "These recommendations require the
contribution and action of end-users from support in testing products in 'real
world' deployments to demanding their vendors provide more secure products and
better documentation. The U.S. government has a particular role to play by
funding research on vulnerability assessment, providing needed resources to
NIST, and improving the Common Criteria/NIAP evaluation to make it a viable,
value-added process towards increasing security in products throughout our
Nation's information infrastructure."
"Our Task Force report reflects the significant progress that can only be made
when industry, government and other security experts partner together. Cyber
security is a critical shared challenge and one that only shared action can
address. We look forward to the community's response to our recommendations
and the improvements to the nation's cyber security posture that will result,"
said Edward Roback, chief of the Computer Security Division at the National
Institute of Standards and Technology (NIST), who serves as the third co-chair
of the Task Force.
Task Force members include a range of subject matter experts, including
academics, CSOs, federal officials and industry experts.
Task Force recommendations are targeted for both industry and government
adoption and champion better ways of providing, measuring and maintaining
security so that consumers can be more informed when they purchase and use
software, related security devices and hardware.
Recommendations focus on:
- Broadening recognition and adoption of existing standards and best
practices.
- Furthering the use of existing capabilities through common software
security configurations.
- Investing in federal research toward the development of better
vulnerability analysis or "code scanning" tools that can identify software
defects.
- Developing guidelines for secure equipment deployment and network
architectures.
- Improving the "Common Criteria" process, used by vendors and customers to
develop security specifications and conduct security evaluations.