[ISN] CERT: The Next Generation

From: InfoSec News (isnat_private)
Date: Tue Apr 24 2001 - 00:40:35 PDT

  • Next message: InfoSec News: "[ISN] Curador's Victims Included 'Bill J. Clinton'"

    CERT: The Next Generation
    The Demise of the Internet's Last Objective and "Trusted" Organization
    Richard Forno <rfornoat_private>
    Article 2001-03 (c) 2001. All rights reserved.
    21 April 2001
    The Morris Worm incident of 1988 paralyzed the Internet during its
    days as a purely academic and research system of systems uncluttered
    by banner ads, instant messaging, Flash animations, and e-commerce. As
    a result of this first major security issue on the fledgling global
    network, the Department of Defense looked to establish a security
    capability to research and advise the network community on emerging
    security threats, trends, and vulnerabilities.
    In 1988, the task was assigned to the Carnegie-Mellon University's
    Software Engineering Institute, one of the Pentagon's Federally-Funded
    Research and Development Centers (FFRDC). From this task CERT/CC was
    born. (FFRDCs are government research centers that receive federal
    money (taxpayer money) to support its research activities.) Once the
    CERT/CC was established, it became the self-declared central authority
    on all Internet security issues. As a result, government, the media,
    and IT community thus accepted the CERT/CC as the Vatican of
    Vulnerabilities whose imprimatur (approval) of a vulnerability by
    generating an advisory confirmed the issue's legitimacy in the eyes of
    the IT community. For small businesses without dedicated security
    staffs, CERT advisories are often the only security information they
    had access to.
    However, recent announcements by the CERT/CC regarding its venture
    into the commercial services market raise some questions that this
    article will address, including how effective this new organization
    will be, and evaluating the legitimacy, allegiance, and effectiveness
    of the CERT/CC now that it is in the commercial arena instead of an
    academic mode supported by federal funds from the American taxpayers.
    ISN is hosted by SecurityFocus.com
    To unsubscribe email LISTSERVat_private with a message body of

    This archive was generated by hypermail 2b30 : Wed Apr 25 2001 - 01:11:18 PDT