Curtains for COAST?
The non-profit Consortium of AntiSpyware Technology vendors (COAST) says it was established "to create a forum in which members can collaborate on a wide range of projects designed to increase awareness of the growing spyware problem facing everyone using the Internet." But several recent defections suggest infighting over what to define as spyware is pushing the group close to collapse.
Computer Associates (CA) of Islandia, N.Y., and Boulder, Colo.-based Webroot Software both issued statements this past week announcing their withdrawal. If Webroot's statement is any indication, concern abounds that the group has strayed from its original course:
"Of late, we have become concerned that COAST is moving in a direction with which we cannot agree," the company said. "We have long championed an open dialog among antispyware solutions on standards criteria for defining spyware. However, we are not comfortable with the idea of COAST as a certification body or as a marketing tool for member companies. These concerns required Webroot to re-assess our affiliation with COAST and after careful consideration, Webroot is resigning from COAST, effective immediately."
Sam Curry, vice president of eTrust security management at CA, said, "We are withdrawing from COAST because we believe the organization no longer has the ability to create a consensus for effective antispyware standards."
Lake Mary, Fla.-based
VoIP security alliance forming
An alliance of security vendors is forming in an attempt "to identify and mitigate" security risks associated with the Voice Over Internet Protocol (VoIP).
Charter members of the VoIP Security Alliance (VOIPSA) include Tenable Network Security, TippingPoint, 3Com, Alcatel, Codenomicon, Enterasys, Insightix, NetCentrex, Qualys, Sourcefire, Spirent, Symantec, Ernst and Young's Guiliani Advanced Security Center, Southern Methodist University, and the SANS Institute. A complete list of members is available here.
"Despite the advantages of VoIP, if the technology is not implemented properly and securely, we will likely circumvent existing security controls and expose our networks," Brian Kelly, director of Giuliani Advanced Security Center at Ernst & Young, said in a statement. "This alliance is an important initiative to help us leverage the technology while understanding and managing the risks."
The announcement comes a week after the National Institute of Standards and Testing issued a report that current VoIP telephony was more insecure than conventional telephone systems and advised enterprises to proceed with caution when making the switch to an Internet-based system.
Webroot secures $108 million in funding
Boulder, Colo.-based antispyware provider Webroot Software Inc. has secured $108 million in funding from a syndicate of venture capital firms, including Technology Crossover Ventures (TCV), Accel Partners and Mayfield. In a statement, Webroot said proceeds from the investment will be used "to fuel the company's go-to-market strategies in enterprise spyware and other security solutions, as well as Webroot's expansion into new international markets."
"Three years ago, the plague of spyware was a gathering storm that few security firms took seriously. Webroot not only gave it serious attention, but also dedicated the necessary resources to develop the most respected solution on the market today," said David Moll, CEO of Webroot. "This investment represents both an acknowledgement of that vision, as well as a bet on our future leadership in thwarting the dangerous emergence of spyware in enterprises around the world."
New threat intelligence service targets XML Web flaws
Salt Lake City-based Forum Systems is now offering what it calls the industry's first single-source threat intelligence service for XML Web services vulnerabilities.
"Forum VulCon (Web Service Vulnerability Containment) concentrates on delivering up-to-date notification of XML- and Web services-related threats with actionable suggestions for effective countermeasures," the company said in a statement. "VulCon has already aggregated over 100 of these potential exposures to popular systems and applications. This announcement represents the first step in Forum's Automated Threat Response Initiative to reinvent the delivery of vulnerability data, policy updates and software upgrades to its products."
VulCon reports can be delivered as e-mail alerts, through Internet portals or through Web Service API and RSS feeds. VulCon is available immediately as a free subscription service, the company said. More information is available here.