Advisories from groups like CERT, the Computer Emergency Response Team, don't go far enough, said Rob Clyde. The Axent vice president formed the Axent InfoSecurity SWAT team.
"Customers and we ourselves were frustrated because you can't get anything specific about what the problem is. They wouldn't want to tell details on how to reproduce the attack because then the bad guys would get it," Clyde said.
But Axent figures the bad guys already know how to mount attacks, based on the hundreds of hacker sites on the Net, so it will open its site to all comers.
"We find customers saying, 'Tell us what the problem is so we can tell what to do with it. If we can't see the attack, how do we know the fix will work?'" Clyde said. "We aren't trying to create a market that's not there. They're already aware there's an issue, and they're struggling with what they should do."
The SWAT team is something of a misnomer because it's just five researchers, not a police squad out to catch malicious crackers. SWAT's charter: Reproduce and anticipate attacks, then look for ways to prevent and detect them before serious damage is done.
"Attacks are often described long before they are ever launched--the Ping of Death denial-of-service attack, for example," Clyde said. The SWAT site, which currently exists as a private site for Axent employees and customers, will describe countermeasures as well as attacks. It opens on the Net July 10.
SWAT, Clyde admits, is not driven by altruism; the company hopes to earn marketing points for its efforts. But the company does the same research for its security products and consulting practice, so the public site will generate little extra work.
"The problem isn't the bad guys going out and getting this information. If you've got the time, it's there," he added. "The good guys don't have the time."