Software companies, security vendors, and researchers last week launched the Organization for Internet Safety to develop a standard process for reporting software flaws. A draft plan due early next year will propose that researchers report flaws to vendors before going public and that vendors take all reports seriously. Details about vulnerabilities wouldn't be released for 30 days after a patch is published. Vendors such as @stake, Bindview, and Microsoft began this effort a year ago.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.