In search of a standard for displaying security threat levels

GENEVA — A veteran security researcher today challenged the anti-malware industry to work on a standard way of assigning computer/Internet threat levels to present transparent helpful information to consumers and businesses.

During a presentation at the Virus Bulletin 2009 conference here, Fortinet project manager Bryan Lu discussed the current scenario where anti-malware vendor use different systems to display threat levels — either color-coded or using numbers and arrows — and suggested that vendors use existing data to make threat level indicators more useful and meaningful.

Lu argued that security vendors are already using sophisticated computation and logic to extract data from virus detections and spam e-mails but bemoaned the fact that only a part of this data is exposed to end users.

As explained by Gartner’s Greg Young, security vendors routinely offer different threat levels on the same day, which adds to confusion when businesses and consumers try to get a big picture view of the malware landscape.

To fix the problem, Fortinet’s Lu proposed a detailed system to compute a virus threat level, a spam threat level and a vulnerability threat level and made a strong argument that raw numbers can be computed to come up with a standard way of figuring out “severe,” “high,” “escalated” or “normal” threat levels.

“The vibrant security threat level indicators that end-users see on security vendors’ websites are certainly just the tip of the iceberg,” Lu said in a paper distributed at the conference.

“The underlying computation and logic shaped by the varying attributes comprises the much bigger part,” he added, noting that security vendors have already developed a standard way to extract the data on a “1 to 4″ scale.  However, Lu said only a part of this is exposed to the end user.

He presented a detailed way of figuring out the standard and called on security engineers in the audience fix one off the industry’s biggest confusion.