Software Industry Unveils Security Framework | eWeek

Software Industry Unveils Security Framework

Écrit par
Caron Carlson
Caron Carlson
Oct 9, 2003
3 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

WASHINGTON—The CEOs of Entrust Inc., RSA Security Inc., Microsoft Corp. and nine other major software companies Wednesday unveiled a task force to elevate the importance of cyber-security among top executives in the private sector and at government agencies.

Other than tax breaks and class-action reform to protect them from frivolous lawsuits, the software executives are not pushing for new laws to improve cyber-security. Regulations targeting specific industries, such as the Sarbanes-Oxley Act, Gramm-Leach-Bliley Act, and Health Insurance Privacy and Accountability Act, already provide a sufficient regime for information security, the CEOs argued.

“Theres plenty of legislation today. The critical ingredient missing is a framework and a way to apply it,” said William Conner, chairman and CEO of Entrust. “There needs to be context to the legislation thats out there.”

Some lawmakers have floated the idea of new legislation requiring publicly traded companies to report the results of security audits in filings with the Securities and Exchange Commission, much like they had to report the results of Y2K protection measures. Business Software Alliance members said they do not support the proposal.

“Theres already an audit standard out there for reporting internal weaknesses,” said Art Coviello, president and CEO of RSA. “What were talking about here is a change in environment.”

Unlike the Y2K risk, routine IT security risks are not well-understood or fully appreciated, said Dale Fuller, president and CEO of Bentley Systems. Top executives need to become better aware that the risks they face have changed substantially, he said.

“When everything was written in stone tablets, not a lot of people cared about fires in their buildings,” Fuller said.

Instead of more action from Congress, the software industry aims to encourage the private sector and government agencies to take the needed steps on their own. Gathered on Capitol Hill for a BSA forum, they presented a framework for enterprises to implement to better security practices.

Echoing a theme of the Bush administrations National Strategy to Secure Cyber Space, the software executives complained that too many corporate chiefs and boards leave IT security to their technology experts when it should be a matter of governance. The framework launched Wednesday provides a management template for IT security, composed of business drivers, roles and responsibilities, and results metrics.

Under the framework, corporate executives would oversee policies and enforce accountability; senior managers would conduct periodic risk assessments and security tests; and CIOs would designate a security officer and develop required policies to support the security program.

While in Washington, the software CEOs also addressed their concerns about intellectual property rights. Few countries treat intellectual property the way they should, said Bruce Chizen, president and CEO of Adobe Systems Inc.

The group urged lawmakers to continue supporting the Digital Millennium Copyright Act, which the recording industry has applied aggressively to combat illegal music downloads. The DMCA is one of the few tools IT companies have to deal with software piracy, Chizen said.

The BSA members also spoke out against governments choosing sides in the open standards/proprietary software debate.

“As an industry, if were not always innovating, if were not introducing great new products, we dont have a reason to be,” said Microsoft CEO Steve Ballmer, adding that governments should choose software based on value. “Our companies will be fine as long as we get a fair chance to compete.”

Discuss this in the eWEEK forum.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.