The Organisation for Internet Safety (OIS), an alliance of
eleven software companies, researchers and consultancies, yesterday
announced its formation. The group said that its purpose is to
“make it easier for security researchers and vendors to work
together to fix security vulnerabilities” and to “more effectively
protect internet users.”
OIS claims that currently there are no “widely accepted”
industry best practices for reporting and managing security
vulnerabilities. The group believes that this makes it extremely
difficult for both researchers and vendors to resolve security
issues and protect internet users and “critical
infrastructures.”
OIS said in a statement that it is “actively working to develop
guidelines for handling vulnerability information that will be
useful for security researchers and technology vendors alike,” and
expects to release drafts of the standards in early 2003.
The organisation held its first formal meeting at the RSA
Conference in California, in February 2002. Its founding members
include Microsoft, @stake, BindView, Caldera International,
Foundstone, Guardent, Internet Security Systems, Network Associates,
Oracle, SGI and Symantec.
More information is available at the OIS web site.