[ISN] CERT: The Next Generation

From: InfoSec News (isnat_private)
Date: Tue Apr 24 2001 - 00:40:35 PDT

Next message: InfoSec News: "[ISN] Curador's Victims Included 'Bill J. Clinton'"

Previous message: Marjorie Simmons: "[ISN] Computer sabotage case back in court"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.infowarrior.org/articles/2001-03.html

CERT: The Next Generation
The Demise of the Internet's Last Objective and "Trusted" Organization
Richard Forno <rfornoat_private>

Article 2001-03 (c) 2001. All rights reserved.

21 April 2001

The Morris Worm incident of 1988 paralyzed the Internet during its
days as a purely academic and research system of systems uncluttered
by banner ads, instant messaging, Flash animations, and e-commerce. As
a result of this first major security issue on the fledgling global
network, the Department of Defense looked to establish a security
capability to research and advise the network community on emerging
security threats, trends, and vulnerabilities.

In 1988, the task was assigned to the Carnegie-Mellon University's
Software Engineering Institute, one of the Pentagon's Federally-Funded
Research and Development Centers (FFRDC). From this task CERT/CC was
born. (FFRDCs are government research centers that receive federal
money (taxpayer money) to support its research activities.) Once the
CERT/CC was established, it became the self-declared central authority
on all Internet security issues. As a result, government, the media,
and IT community thus accepted the CERT/CC as the Vatican of
Vulnerabilities whose imprimatur (approval) of a vulnerability by
generating an advisory confirmed the issue's legitimacy in the eyes of
the IT community. For small businesses without dedicated security
staffs, CERT advisories are often the only security information they
had access to.

However, recent announcements by the CERT/CC regarding its venture
into the commercial services market raise some questions that this
article will address, including how effective this new organization
will be, and evaluating the legitimacy, allegiance, and effectiveness
of the CERT/CC now that it is in the commercial arena instead of an
academic mode supported by federal funds from the American taxpayers.

[...]

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERVat_private with a message body of
"SIGNOFF ISN".

Next message: InfoSec News: "[ISN] Curador's Victims Included 'Bill J. Clinton'"
Previous message: Marjorie Simmons: "[ISN] Computer sabotage case back in court"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Apr 25 2001 - 01:11:18 PDT