Another big part of the disclosure issue causing discontent among cyber-security players is compensation. Vulnerability information and exploit code have become valuable commodities, and many companies, including Internet Security Systems Inc., iDefense Inc. and others, provide some of their customers with prerelease versions of their research for a fee. As such, giving that data away to the government, or anyone else, is of very little interest. "Our value proposition to customers is that they have advance notification of problems before the public does," said John Watters, CEO of iDefense, based in Reston, Va. "People are not inclined to do things unless theres an economic incentive."Faced with the loss of security sources, state and federal agencies are gradually tightening the screws on the industries they hold regulatory sway overmainly network operatorsto turn over more data and keep the intragovernmental information-sharing programs vital. Last week, the Federal Communications Commission imposed new mandatory outage reporting requirements, despite months of protest from AT&T and other major carriers. While the FCC assured the industry that sensitive information will be kept from public disclosure, some said they are not convinced. Illustrating the waning leverage that the industry wields in the information-sharing struggle, FCC Commissioner Kevin Martin conceded last week that he is impressed with the carriers voluntary reporting initiatives and said he agrees that sensitive network information must be protected but that he voted for the new mandates because the DHS identified the outage information as critical to national security. Check out eWEEK.coms Security Center at http://security.eweek.com for the latest security news, reviews and analysis.
Check out eWEEK.coms Government Center at http://government.eweek.com for the latest news and analysis of technologys impact on government practices and regulations, as well as coverage of the government IT sector.