Customers are increasingly demanding that their IT providers support open standards. Those user demands have resulted in welcome steps toward a more open computing environment and, most recently, the initiative to build a “file signature database” that will enable users to validate the authenticity of files that make up their software systems and applications.
Led by Tripwire, the file signature database initiative is backed by charter members such as IBM, Hewlett-Packard and Sun Microsystems, which have pledged to deliver more secure, reliable and cost-effective computing standards and methods.
The file signature database will be a repository of file metadata derived from published software and is already populated by charter members with more than 11 million known “good files.” The database will be accessible to any licensed application with proper credentials.
The repository will enable customers to verify the identity and integrity of files across different operating systems by comparing the files with the information in the file signature database. The initiative is open to all operating system, application and infrastructure vendors.
The repository will likely gain support from an increasing number of vendors and their customers during the next year as the coalition begins an open-standard file signature database Web service that will give users access over the Internet. Users will be able to populate and host the database through an appliance as well. The database will also be made available to government and law enforcement agencies. While the plan is that the consortium will release an openly published standard to the public, how much of it will remain proprietary is still unknown.
Even at such an early stage, however, without the participation of Microsoft and leading Linux distributors such as Red Hat and SuSE, enterprises remain at a severe disadvantage. Most corporations, after all, run multiple operating systems in their computing environments.
Red Hat executives have voiced support for the initiative. And in a statement accompanying the announcement of the file signature database, Howard Schmidt, chief security officer for Microsoft, was quoted praising the database. Yet, Microsoft is not yet a member of the initiative.
While Microsoft remains committed to its Trustworthy Computing initiative, we would like to see it join its peers in developing open standards for more secure computing. IBM, Sun and HP have their own security initiatives that let users check whether software installations have been tampered with. All three also support this heterogeneous approach.
As we move to a more integrated, automated IT environment, a common method of validating file integrity across multiple operating systems is becoming increasingly important. Microsoft, Red Hat and SuSE should demonstrate their commitment to the open-standards process by joining IBM, Sun and HP in the file signature database coalition.
Send your comments to [email protected].