For 13 years the CERT Coordination Center -- originally called the Computer Emergency Response Team -- has been the Internet security watchdog. But CERT's decision to sell sensitive information raises the question of whether CERT is abandoning its mission.
CERT, which is federally funded and operates under the aegis of the Software Engineering Institute (SEI) at Carnegie Mellon, has advised the public on everything from Internet virus outbreaks to denial-of-service attacks and software vulnerabilities.
When it identified a problem, CERT shared the information with the Department of Defense and posted its famous "CERT advisories" on the Web. If a product was involved, CERT gave the vendor 45 days to fix it before announcing the vulnerability to the world.
But now CERT plans to sell this sensitive information to those willing to pay big bucks (and be sworn to secrecy). To get this info, you have to pay $2,500 to $70,000 to join the Internet Security Alliance (ISA), a group just formed by CERT, SEI and the Electronic Industries Alliance trade association. Nasdaq and the Mellon Financial Group are said to be among the founding ISA members.
Why should we taxpayers pony up $3.5 million -- which is what we gave CERT last year via the Defense Information Systems Agency and General Services Administration -- if CERT is now selling information?
CERT Coordination Center team leader Shawn Hernan says CERT's employees already do paid work for corporations and this simply represents a broadening of those activities.
Of course CERT has every right to try to get the earliest drop on security bugs and sell them. But the question is, should taxpayers subsidize this? Why not have the federal agencies that need the data join as ISA members instead of the government funding CERT?
Hernan says, "CERT is going to be able to do a lot more than it has in the past with this funding. We're not trying to double-dip the federal government."
CERT's not a crook. In fact, the American public owes CERT a debt of gratitude for its work over the years. But the old CERT is gone. The Internet, too, was once subsidized by the federal government until it became apparent the world would pay for IP services. That day may be approaching for CERT, too.