Report: Standards Needed To Rein In Security Vulnerabilities
The report also outlined ways that vendors, resellers and government can work together to fight security vulnerabilities and establish standards for responding to outbreaks after they have occurred.
Such standards are critical to mitigating and eventually eliminating security attacks down the road, said Chris Klaus, CTO of vendor Internet Security Systems and a co-chair of the Task Force.
"While vendors can and must step up and take responsibility for providing more secure products, the active support of government, user groups and consumers is critical to our success," Klaus said. "These recommendations require the contribution and action of end users, from support in testing products in real-world deployments to demanding that their vendors provide more secure products and better documentation."
The task force's recommendations, earmarked for both industry and government adoption, champion better ways of providing, measuring and maintaining security so that customers can be more informed when they buy and use software, related security devices and hardware. The report's recommendations focused on broadening recognition and adoption of existing standards and best practices, furthering the use of existing capabilities through common software security configurations and investing in federal research toward the development of better vulnerability analysis or code-scanning tools that can identify software defects.
Other recommendations included developing guidelines for secure equipment deployment and network architectures as well as improving the "Common Criteria" process, which is used by vendors and customers to develop security specifications and conduct security evaluations.
The report was the latest in a series issued by various task forces created in the wake of the White House National Strategy to Secure Cyberspace in February 2003 and the National Cyber Security Summit this past December. The partnership is led by TechNet, the Business Software Alliance, the Information Technology Association of America (ITAA) and the U.S. Chamber of Commerce.