What security industry wants?

Security industry demands three things for the Bush administration:

1. spend more on computer-security research,
2. share threat information with private-sector security vendors and facilitate information sharing (I believe, including facilitating the vulnerability disclosure process),
3. set up an emergency computer network that would remain functional during Internet blackouts. Read more.

Government presses for industry cooperation

The Bush administration developed a plan to improve security that relies heavily on industry cooperation. The Homeland Security Department has worked to increase coordination between law-enforcement officials and security vendors. In the mean time, security industry demands more from government to give necessary authority to those law-enforcement people to oversee the information security. Read more.

Monthly release cycle policy is broken

Microsoft broke its monthly patch cycle and released a patch for the IFRAME vulnerability in Internet Explorer (IE) December 1, 2004. Read more.

Tenet says there is a need for regulation

George Tenet said that greater government regulation of the Internet and telecommunications networks is needed in order to guard against terrorist attacks. The terrorists are trying to couple attacks on telecommunication networks with physical attacks and are increasingly researching cyber-attacks. Read more.

Need for automated tools for software code audit

Former DHS (Department of Homeland Security) National Cybersecurity Division director Amit Yoran, speaking at the e-Gov Institute's information assurance conference, called for automated tools to help software vendors uncover flaws in their code, but predicted that such tools would not be ready for widespread use for ten years. 95% of flaws come from nineteen common and well understood programming mistakes. However, many developers lack the academic background or specialized training to avoid such mistakes. Read more.