A group of high-powered security experts and industry executives will be in Washington Wednesday, testifying before a Congressional committee looking into ways to bolster the nation's defenses against threats such as worms and viruses.
The hearing is focused on finding feasible solutions to the ever-worsening problem of e-mail viruses and self-propagating programs such as Blaster and Slammer. The witness list for the hearing before the House Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census includes executives from Symantec Corp., Microsoft Corp., VeriSign Inc., Network Associates Inc. and Cisco Systems Inc., as well as security experts from @stake Inc. and Qualys Inc.
Among those scheduled to testify is Chris Wysopal, director of research and development at @stake, based in Cambridge, Mass. He plans to discuss the ongoing efforts in the security community to improve the handling of vulnerability information, specifically the work being done by the Organization for Internet Safety. The OIS, of which Wysopal and @stake are founding members, has developed a proposal for vulnerability handling that contemplates a structured behavior set for both the vulnerability researcher and the affected software vendors.
Wysopal also plans to talk about the faulty programming practices that lead to flawed code making it to users' desktops.
“Until recently, perhaps within the last three years, building software that was highly resistant to attack was not a top priority of software vendors,” Wysopal says in his testimony.
The hearing comes at a particularly auspicious time, given the recent plague of viruses and worms that has infested the Internet. Blaster and the latest version of the SoBig virus teamed to make for a very messy and frustrating month of August for many administrators.
Also set to testify Wednesday are several government officials, including Robert Dacey, director of IT security at the General Accounting Office, and Lawrence Hale, the director of FedCIRC in the Department of Homeland Security. Richard Pethia, director of the CERT Coordination Center, will also be on hand to testify.