Security group benchmarking Solaris
- By Diane Frank
- Nov 28, 2000
Center for Internet Security
A new collaborative security organization is preparing to release the first
in a wave of security benchmarks for commercial products widely used in
government, industry and academia.
The Center for Internet Security is a nonprofit
organization composed of more than 80 members from government agencies,
law enforcement, academia and industry. It plans to provide internationally
agreed-upon technical benchmarks and certifications, said Clint Kreitner,
chief executive officer of the center.
The organization will release a benchmark for Sun Microsystems Inc.'s
Solaris operating system before the end of the year.
Other benchmarking efforts include:
* The Institute for Security Studies at Dartmouth College is developing
a benchmark for the Linux operating system.
* The National Security Agency will soon come out with an initial benchmark
for Microsoft Corp.'s Windows 2000.
The CIS is based on the idea "that only through effective, systematic,
collective action do we have any hope" of combating security threats, Kreitner
said. "We cannot ignore the common good in the pursuit of self-interest."
Franklin Reeder, chairman of the center, added that "the role of the
center will not be to develop tools, but to certify tools."
Whether this certification will be similar to the
"Consumer Reports" model or more like the Underwriters Laboratories Inc. model is still under consideration, but the
center will partner with and build on work done by organizations such as
NSA, the National Institute of Standards and Technology and the Common Vulnerabilities
and Exposures project led by Mitre Corp., Kreitner said.
Federal members of the center include NIST, NASA, the Dahlgren Naval
Surface Warfare Center, the Defense Department's Computer Emergency Response
Team and the Treasury Department's Financial Management Service. Other government
participants include the Washington State Department of Health, the Canadian
Communications Security Establishment and the Royal Canadian Mounted Police.