Vendors bare souls, discuss vulnerabilities

No-one likes to admit they are vulnerable and it appears IT companies are just the same.

The continual cycle of finding and patching the latest software weakness is repetitively familiar to any IT manager. Yet there seems to be scant decrease in the amount of reported bugs, exploits and hacks.

No vendor can ever claim to be 100 per cent secure - the mere act of asserting complete security would be a red rag to the hacking community.

But most vendors have still been criticised at one time or another for suppressing information on their weaknesses and obstructing users from seeing the full security picture.

That's why today's announcement of a new independent forum for computer security is so welcome. The plan is to offer vendors a trusted environment where they can admit problems to one another and work together to solve them.

Just imagine for a moment - Intel, Microsoft, Oracle and Sun, sitting in the same room, swapping tales of their latest software blunder, sharing a cold beer or two.

Alright, it does sounds a little unrealistic but a similar forum set up in the US earlier this year does just that (maybe minus the cold beer). How effective it will be is not yet clear but it's certainly a start.

It's high time for the IT industry to grow up. The user community has needed this for a long time, and at a moment like this, we also cannot resist mentioning this is something we called for as part of our Fighting Fraud campaign in the spring.

If all this helps make the corporate network a more secure place, why not give it a go? Who knows, some vendors may even learn to love each other in the process. Although that's something we've never called for.