The Center for Internet Security, founded in October, released PatchWork, a software tool that automates the process of finding the vulnerabilities and identifying needed patches. Its purpose is to assist companies that have not secured their systems to do so quickly. The tool can be downloaded from the CISecurity Web site.
According to the FBI, the Russian and Ukrainian hackers belong to a gang that has stolen credit card and other personal information from electronic banking and electronic commerce sites and extorted money from the operators of the sites. This type of hacker activity is the reason the centre was created, the CISecurity release said. The centre gives computer officials a chance to share the best available technical knowledge. Experts and users consult through the centre to prioritise the threats and develop a consensus defining the specific actions needed to shield systems and networks from those threats. The result is a benchmark that organisations can use to measure the security of their systems and those of their e-business partners.
The first CISecurity benchmark covers the Solaris operating system and is expected to be issued in June. CISecurity benchmarks for the other major operating systems are expected to be issued over the next six months.
Among the 150 members of the non-profit CISecurity are government agencies, banks, insurance companies, manufacturers, universities, computer service companies and consulting organisations. The first general meeting of CISecurity will take place on May 17 in Baltimore.
CISecurity can be found on the Web at http://www.cisecurity.org.