EU agency research advises sweeping security improvements
ISPs and developers should be held to account, says report.
A research paper commissioned by the European Network and Information
Security Agency (ENISA) has called for major changes to the way security is
currently handled, advising tighter regulations for developers and ISPs and
the foundation of an independent agency to monitor cybercrime.
The paper, prepared by a group of academic advisors from the universities
of Cambridge and Dresden, among others, looks at the current state of
security and puts forward a wide range of proposals to improve things, with
particular interest in the economic viability of the proposals.
The report
concludes with 15 separate recommendations, including higher standards of
openness in vulnerability and data loss disclosure, clearer and more
comprehensive patching of flawed software, measures to punish ISPs found to
be harbouring cybercrime, pan-European measures to monitor and prosecute
cybercrime and to compensate its victims, and greater caution in ensuring
new anti-cybercrime legislation does not impede the efforts of security
researchers and firms.
An overview of the report is at The Register here, with
comment on the Authentium blog here. The full paper, in
PDF format, is at ENISA here.
13 March 2008
Tags:
ENISA, cybercrime, isp, report.
del.icio.us 
digg this
0 comments
This month's VB100 test saw some major changes and a radical overhaul of the VB100 test methodology - for the first time allowing products to use their 'cloud' look-up systems. John Hawes has all the details.