Sidebar: IT Vendor Consortia: Who They Are and Where They Stand On Security

Computerworld - Information Technology Association of America (ITAA)
Who they are: The ITAA's membership consists of more than 400 corporations throughout the U.S. and a global network of IT associations in 50 countries. The membership accounts for an estimated 94% of all the IT goods and services delivered in the U.S. and includes many of the country's largest IT vendors.

Where they stand: Stated information security principles:

• "The protection of the national information infrastructure must be based on the minimum amount of government (federal, state, and local) regulation as is feasible."


• "The cost of protecting the national information infrastructure must be kept to the lowest level possible commensurate with the threat and the consequences of attack."


• "Industry owns and operates the global information infrastructure and, as such, should have primary authority for information security requirements, design and implementation."


• "In protecting these resources, the specific and immediate priorities of government and industry are apt to diverge."


• "Industry will be guided by business considerations to protect itself against physical and cyber-attack as the threat to the information infrastructure evolves."


• "Information security measures must be commensurate with the threat involved; risks must be appropriately identified and managed but not magnified or embellished."

Business Software Alliance (BSA)
Who they are: Established in 1988, the BSA has programs in more than 60 countries worldwide. Its activities have focused primarily on intellectual property protection in general and combatting the piracy of software in particular.

Where they stand: The BSA supports the establishment of a federally mandated framework of security practices and nontechnology-specific benchmarks that commercial security products should meet, but it says it doesn't support a federal seal of approval for specific information security products or services.
The BSA also supports a greater focus on corporate governance, law enforcement and international cooperation, but it opposes "technology-specific government standards that would stymie the dynamic evolution of security tools."

Business Roundtable (BRT)
Who they are: The Business Roundtable is an association of 150 CEOs of leading user and vendor companies with a combined workforce of more than 10 million employees in the U.S., $3.7 trillion in annual revenues and a presence in every state in the nation.

Where they stand: Stated Security Task Force priorities are to:

• "Improve the quality and timeliness of threat information."


• "Develop new models of corporate leadership and collaboration."


• "Assess and improve existing security partnerships."


• "Work effectively with senior government leadership."


• "Coordinate efforts across industry sectors as homeland security issues evolve."

Proposed deliverables for BRT CEOs to help shape IT security marketplace include:

• Working with vendors to develop generally accepted standards for quality assurance in development of software and hardware.


• Preparing policy statements that products be shipped with security functionality turned on by default.


• Exploring an Underwriters Laboratory approach for IT security products so that buyers will know that products adhere to standards of safety and security.