Government May Step Into Security Fray | eWeek

Written by Dennis Fisher
Nov 8, 2001

SAN FRANCISCO — A former government lawyer on Wednesday said some federal regulation of computer security is inevitable if vendors and security researchers don’t do a better job of policing themselves.

That prospect is a frightening one for vendors and security experts who remember the battles in the late 1980s and 1990s over governmental regulation of cryptography.

Speaking at Microsoft Corp.’s Trusted Computing 2001 forum here, Michael O’Neill, a partner at law firm Preston, Gates & Ellis and the former general counsel at the Central Intelligence Agency, also took the security experts in attendance to task for irresponsible handling of vulnerabilities and exploits.

O’Neill’s comments came just after Mozelle Thompson of the Federal Trade Commission said he doubted the government would get involved in regulating security any time soon.

Microsoft, for one, is spooked by the possibility of government intervention in the security community. Company officials concede, however, that it may become reality soon.

“If we as a security community don’t clean up our act, someone will step in and clean it up for us,” said Scott Culp, manager of the Microsoft Security Response Center in Redmond, Wash. “We really, really don’t want to see that.”

To avoid that scenario, Microsoft this week is trying to build support for an industry-backed effort to develop standards for vulnerability reporting and handling. Culp and others inside Microsoft believe that such a standard would cut down on the spread of exploit code and therefore reduce the number of attacks on the Internet.

The standard could include things such as prescribed processes for reporting vulnerabilities to vendors as well as requirements for vendors to respond in a timely manner.

But the effort is in its infancy. The process of forming a group to discuss a standard has yet to begin and Culp said he has no way of knowing how long the entire development effort could take.

As with any Microsoft effort, this one is not without its detractors. Several of the attendees at the conference questioned the company’s motives and there has been much speculation that Microsoft would like to restrict the distribution of vulnerability reports to a select group of partners. Culp vehemently denied that accusation and said that such an effort would fail before it ever got off the ground.

“That’s absolutely untrue,” Culp said of the reports of Microsoft’s intentions. “It wouldn’t be accepted. We have no designs for a closed process. We know two things: there’s a problem, and we don’t have an answer.”
