Open source security group born

Conspiracy of silence to be thwarted?

Four independent hacker and security expert groups have joined together to thwart software developers' attempts to make notifying the public about security flaws illegal. The new group claims its creation is necessary to protect freedom of information for the public about viruses, bugs and security issues in vendor software.

Internetworked Security Information Service (ISIS) is the amalgamation of software security glitch watchdogs Alldas.de, Open Source Vulnerability Database, PacketStorm and Vulnwatch.

Jan Guldentops, founding partner of open source security advocates Better Access Labs, said the new project will present a stronger front against software developers who are currently trying to prevent groups from naming and shaming security flaws. He said: "A number of vendors are trying to make bug tracking illegal. It's not good publicity and they like to keep a lid on things. ISIS is a good move. It's better for small groups to get together because the first thing a big enterprise does is sue you. Joining forces in this field could open things up."

HP recently threatened to use US copyright law against security group SnoSoft for publishing information about a security hole in HP's Tru64 Unix operating system.

Leaders at ISIS said they will never allow a company to become involved with the group as they do not intend to sell products and want information generated by the group to remain free.