Driving Excellence and Innovation in Security Response
ICASI intends to be a trusted forum for addressing international, multi-product security challenges. This trusted forum extends the ability of information technology vendors to proactively address complex security issues and better protect enterprises, governments, and citizens, and the critical IT infrastructures that support them. ICASI shares the results of its work with the IT industry through papers and other media.
A New Generation of Internet Security Challenges
Several trends are contributing to a rapidly evolving threat landscape, thereby presenting new challenges across the global IT infrastructure.
  • Attacks are increasing in their sophistication and complexity. In the matter of a few years, attacks promulgated via the Internet have rapidly evolved from disruptive worms and large scale viruses that were common between 1999 and 2003. Today's attacks, more complex and often difficult to detect, can target specific classes of users, even specific users, and gain access to and cause harm to valuable data.
  • The Internet is expected to continue growing at a tremendous rate. The number of users, the amount of IT infrastructure, and the number of activities and services that are migrating online are expected to effectively double the size of the Internet over the coming years.
  • The world economy and societies are becoming increasingly globalized. The IT infrastructure, its components, and its users increasingly originate from all corners of the world.
All of these trends result in exponential increases in complexity and interdependence that drive a need for a new generation of security response and engineering. The Industry Consortium for Advancement of Security on the Internet (ICASI) was conceived to proactively address this need.
  NEWS UPDATES   ALERTS & ADVISORIES

Nov. 5, 2009 — The Industry Consortium for the Advancement of Security on the Internet (ICASI) was approached several weeks ago by PhoneFactor regarding vulnerabilities affecting most major implementations of the Transport Layer Security (TLS) protocol, supporting the Secure Sockets Layer (SSL) protocol. Since that time, ICASI has been working with other IT vendors, representatives from Industry standards bodies (IETF), and developers within the open source community to understand the impact and help propose potential fixes along with mitigations that can be used to protect services impacted by this vulnerability.

ICASI continues to work with coordination bodies and other vendors to mitigate these vulnerabilities.

For press inquiries, contact: Ruth Cassidy, rcassidy@virtualmgmt.com.

For information on participating in ICASI technical discussions regarding this issue, contact: usirp_chair@icasi.org.

November 11, 2009
ICASI Advisory
Transport Layer Security (TLS) Man-In-The-Middle (MITM) Vulnerability
July 28, 2009
ICASI Vulnerability Alert
Vulnerabilities in Microsoft Active Template Library (ATL)