Common IT Security Alert systems

While researching and looking at various IT security companies like F-Secure, ISS, McAfee or even companies like Microsoft, Oracle or other companies, there was one thing I noticed and felt very strongly about. Every company has their own ways to rate a particular threat or vulnerability. For example, Microsoft labels vulnerabilities, threats as Critical, Important, Moderate, etc; McAfee rates as high, medium, low, etc; ISS has different AlertCons (Alert Conditions) from 1 to 4. Although it means the same, but it takes some work to translate into a common understanding of levels. Here again every individual company have different transalations. No major problems in there.

But here's the major issue that I see. Every company rate a threat differently. For example for a vulnerability / threat, Microsoft may rate it as Important but, ISS may rate it as AlertCon 2, or McAfee might rate it as Low or Medium and some other company might rate it as something else. How do we as end users / companies understand the gravity. We again have to spend time analysing it and patching as necessary. Wouldn't it be great if there is a consortium to rate every threat at a common level. Although I admit that it won't be easy given the different operating environments every company has, but it won't be difficult is my take on it.

I am going to try and analyse some of the threats and vulnerabilities and try to rate them at a certain level and develop a standard around it so that it would be easy for all to relate to their enviroments. I will see how much time I can spend on this, as I also have to earn my livelihood. But moving forward, I aim to make security consulting and analysis as my primary occupation.

As always, comments and intents of contributions are welcome.

Celebrating Golden Jubilee of my posts

I know this is way out of context and does not really gel well with the subject of my weblog. But so do (don't) the previous 2. It's just that I am not able to concentrate hard and those two subjects (in addition to this) were too good to let pass. I had infact decided to mention my 50th post separately, just to commemorate 50 posts and 3 years of sporadic blogging. I have been much more active for the past couple of months. Mainly due to regular working hours and peace of mind. I intend to use a content manager to manage the content and post relevant topics on my blog, mainly related to spyware, adware, virus outbreaks and overall protecting the computers and networks.

Long Live the Indian Republic

Today is India's 58th independance day. On 15th August 1947, India threw away the shackles of British Rule and began its tryst with destiny. In these short 58 years India has risen to number 12 in the list of world top economies. Of course the list is 5 years old and this definitely would have changed by now. But the point is India is ahead of the "rich" countries. But the aim should be to topple the top countries and not rest on the laurels. Yes, we can admire our growth, but to reach the top echelons we need to better utilise the public money and be purposeful about developing our villages and capitalise on our strenght - Agriculture. IT and technology can definitely accelerate growth, but only agriculture and food for people can sustain the accelaration. One of the reasons why India survived the South East Asian economic downturn in late 1990's without a single scratch is because it's economy is dependant on agriculture and not technology. And for India to become a major superpower, it has to remain that way. We cannot dominate the world if we have to buy our food from other countries. And yes, now we have to talk about dominating the world, not with military might, but with our Brain Power. We have talked long enough for brotherhood and equality for long and it has been seen as India's weakness and not courage. Time has come to really wake up the sleeping giant that is India represented by a gentle elephant!!

Jai Hind!!!