eWeek announced today that a consortium of product vendors (including Application Security Inc., KaVaDo Inc., Sanctum Inc., SPI Dynamics Inc. and WhiteHat Security Inc.) is being formed to address issues of web application security. (See the full article at: http://www.eweek.com/article2/0,4149,1529595,00.asp?kc=EWRSS03119TX1K0000594)
The article outlines various goals of the organization, including "to create a classification system for application security vulnerabilities, attacks and other threats." IMHO, that sounds pretty reactive, but the article also says that the group will work on, "the establishment of industry best practices in several areas, particularly secure coding." If anyone here has more substantive info about the consortium that they can and care to share, please pass it along. Cheers, Ken van Wyk -- KRvW Associates, LLC http://www.KRvW.com
