As reported earlier Network Associates, Cisco Systems, and Lucent Technologies have signed on as the first members of a collaborative effort among major security research labs. Today Sun Microsystems joined the group.
SRA has three goals: encourage collaborative research, communicate security research findings to executives, and improve the chances that basic research findings will become commercial products.
Kevin Ziese, Cisco manager of security research, said vulnerability of the nation's infrastructure to cyber-terrorists, highlighted in the recent report of the President's Commission on Critical Infrastructure Protection, make a good starting point for security research efforts. President Clinton outlined a policy to fight cyber-terrorism last week.
"There is a lot of potential for well-constructed research to, at the beginning, identify problems and get ideas on how to solve them. Cisco wants to do infrastructure problems first," Ziese said today.
More blue-chip companies also may join. Discussions are under way with research labs at IBM, Hewlett-Packard, GTE, AT&T, and Intel, according to Terry Benzel, Network Associates' director of research.
"This is a whole new approach for advancing the art of state-of-the-art research," Benzel said. She described the consortium of security research labs as "vendor-neutral" and focused on research that will hit the market in two to five years. It will not become a standards body, although research efforts may ultimately influence standards.
The alliance is being unofficially encouraged by DARPA, the research arm of the U.S. Defense Department, a major funder of advanced security research.
"The government is demanding collaboration for most funding from DARPA," Benzel said. "They are looking for collaborative partnerships." But other influences are also at work.
"We see security research getting even more important with the Internet and electronic commerce," said H.M. Gittleson, director of Internet security products at Lucent, which now owns the renowned Bell Labs research operation.
But HP, for one, remains on the sidelines. Roberto Medrano, who runs HP's security business, last week questioned whether SRA will move beyond the "PR alliances" that have become common, on paper at least, in the security industry.
SRA will get started in earnest with a Los Angeles symposium on April 13, one day before the spring Internet World trade show opens.