Security Web Digest: Federal initiative to improve software security … and More

Five federal agencies, in collaboration with the Center for Internet Security and Oracle Corp., will announce Tuesday a broad federal procurement initiative to improve software security. Under the initiative, software vendors will have to ensure that their software meets specific safe configuration requirements and that any fixes they provide to patch vulnerabilities are reliable and wont compromise these configurations. The idea behind the initiative is to use the federal governments purchasing power to make software vendors accept more responsibility for the security of their software, said Alan Paller, director of the SANS Institute, a security research firm.

The worldwide market forsecurity appliances grew 10 percent in second quarter 2003 over the same period last year, research firm IDC announced Friday. According to IDC, the overall intrusion-detection market grew 29.9 percent year-to-year, with the firewall/virtual private network (VPN) appliance market up 7.5 percent. Quarterly factory revenue for the sector hit $333 million worldwide. Cisco remained the market leader, despite drops in both market share and revenue, holding on to 34.3 percent of the market.

RSA Security announced on Monday new software thats designed to help companies provide secure access to Web applications via a single sign-on. The security software makers new ClearTrust v5.5 uses management module technology it licenses from Thor Technologies. RSA is planning to integrate its products into an identity management system that will be compliant with Liberty Alliance Project software–the main rival to Microsofts Passport.

TruSecure Corp., a managed security services company, on Monday announced announced a new enterprise security management application called Risk Commander. Risk Commander is a risk management tool that pulls together and analyzes data from other security products like network scanning applications, firewalls and network management products. This saves network administrators from having to work with dozens of separate security products and lets them spot relationships between disconnected security events on their network. The announcement is part of a larger program by TruSecure to repackage its network security and application vulnerability expertise in the form of software, said TruSecure CEO John Becker.

GFI this week released a freeware version of GFI DownloadSecurity for ISA Server 6. The freeware version scans HTTP and FTP downloads at the network perimeter using a single anti-virus engine, and can be used as additional protection by companies who do not yet perform virus scanning at firewall level, the company said in a statement. “Although infection by email is much more prevalent, infection by a file that a user has downloaded from a website is just as dangerous and damaging. Most organizations do not protect themselves against this threat,” said Nick Galea, GFI CEO.