New Homeland Security Guidelines Called Vendor-Driven:
"A task force formed by the Department of Homeland Security is set to unveil a set of security recommendations this week for both enterprises and home users, but many industry observers say the guidelines are too little, too late. "

The guidelines are the work of the Awareness for Home Users and Small Businesses task force, formed late last year by DHS and private industry at the National Cybersecurity Summit. The group and several others formed at the same event are designed to help foster better cooperation between government and industry and to tackle topics such as creating early warning systems, writing secure software and bolstering security in corporate governance.

The groups mainly comprise executives from security and software vendors such as Oracle Corp., Microsoft Corp., RSA Security Inc. and Internet Security Systems Inc., as well as government officials and security experts in academia.

The recommendations, scheduled to be released Thursday, are intended as a follow-up to the National Strategy to Secure Cyberspace, released in early 2003 and widely panned in the industry for being long on platitudes and short on definitive action. The new offering reportedly centers on increasing users' awareness about security issues through education and communication.

"Because this is driven mainly by the vendors, it will be about blaming the users," said Alan Paller, research director at The SANS Institute in Bethesda, Md. "Private industry isn't doing its part to fix the problems we have with software and processes. It's like telling drivers to drive safely and not fixing the bumpers and the seat belts."

http://www.eweek.com/article2/0,1759,1549954,00.asp?kc=EWNWS031704DTX1K0000599