[ISN] Internet Security Systems CTO Steps Down

From: InfoSec News (isn@private)
Date: Thu Jun 10 2004 - 02:44:11 PDT

  • Next message: InfoSec News: "[ISN] Apple security patch problems fixed"

    By Dennis Fisher 
    June 9, 2004    
    Chris Klaus, the founder of Internet Security Systems, has decided to
    relinquish his role as chief technology officer, but is staying on
    with the company in the newly created position of chief security
    Chris Rouland, formerly the director of the X-Force security research
    team, is Klaus' handpicked successor as CTO.
    Klaus founded Internet Security Systems Inc. in 1994 on the strength
    of his Internet Scanner tool, one of the first vulnerability scanners
    on the commercial market, and built the company into one of the more
    formidable pure security vendors in the industry.
    Its product line now includes a variety of security appliances,
    intrusion detection software and a central management console.
    In his time as CTO, Klaus has been involved in setting the company's
    overall strategic technical direction and has also served as the
    public face of ISS, based in Atlanta.
    A company spokeswoman said Klaus will remain involved in the technical
    side of the company but will hand over the day-to-day duties to
    No reason was given for Klaus' decision to give up the CTO position.
    The ascension to CTO is a major step up for Rouland, who is widely
    respected in the security industry and considered to be one of the top
    researchers around.
    Under Rouland, the X-Force has evolved from an internal team doing
    vulnerability research into a core part of the company's services
    offerings via the X-Force Threat Analysis Service.
    The team now concentrates on doing analyses of current and future
    threats and vulnerabilities and looking for trends to help enterprises
    ward off attacks.
    Rouland also was instrumental in the decision by ISS to publish its
    internal vulnerability disclosure guidelines in 2002. At the time,
    there was a lot of publicity surrounding disclosure and how much
    information was too much to include in security advisories.
    ISS had been criticized by some in the security community for
    releasing information before patches were ready, and the company
    decided to publish its disclosure guidelines in order to make clear
    the way it operated.
    ISN mailing list
    Sponsored by: OSVDB.org - For 15 cents a day, you could help feed an InfoSec junkie!
    (Broke? Spend 15 minutes a day on the project!)

    This archive was generated by hypermail 2b30 : Thu Jun 10 2004 - 03:56:13 PDT