Security Alliance Chock-Full of Holes | eWeek

Security Alliance Chock-Full of Holes

Écrit par
John Taschek
John Taschek
Jan 29, 2001
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

I pity companies that make real products that solve real problems. Theyll never be able to compete with the fantasies and myths of todays computer industry. After all, what else could explain the tremendous hype over Ginger, something that no one knows anything about, by an inventor whose best work was in the medical field? Yet the hype is here, and Ginger

(by all indications a motorized scooter) will apparently save the world and be “more important than the Internet.”

Can you see the wince on my face? Can you see how hard it is to discuss a similarly hyped tech alliance to battle hackers? Onward Ill go, though. The new alliance is huge, by all indications. It brings together the industrys toughest competitors, including Oracle, AT&T, Cisco, Hewlett-Packard and even Microsoft, a company not known to leap quickly into any technology alliance.

The deal is theyll work together to swap vulnerability stories. Former President Clinton urged the creation of such a committee, and Commerce—and future Transportation—Secretary Norman Mineta (hmm: transportation and commerce? Perhaps Mineta has something do with Ginger) is an advocate of this nonprofit, to be known as the IT-ISAC (IT-Information Sharing and Analysis Center for Information Technology).

On the surface, IT-ISAC sounds wonderful, but theres something wrong with this picture. Each of these companies might provide a general idea as to the kinds of attacks that it is receiving. But no company in its right mind will contribute the important stuff, such as specific exploits or a specific vulnerability in its product.

Theres little chance that these vendors can disclose hack attempts against customers or inherent vulnerabilities in their applications. This leaves IT-ISAC with such thankless tasks as trying to data-mine hackers IP addresses to figure out which hackers are attacking more than one company. In other words, the data they gather wont be valuable.

There is a better, less organized way of dealing with security vulnerabilities. Dozens of high-level organizations track vulnerabilities, including CERT, Security Focus and SecurityWatch. They are collecting real information and are publicizing real vulnerabilities. IT-ISAC is simply being created for the protection of the vendors. The rest of us are on our own.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.