Antivirus specialist Symantec has joined a security organisation alongside Microsoft, despite having previously come to very public blows with the software giant over its willingness to share security information on Vista.
Announced at the RSA Conference Europe 2007 on Tuesday, Symantec and Microsoft will join the Software Assurance Forum for Excellence in Code (SafeCode), which claims to be a not-for-profit organisation aimed at increasing trust around IT. Other members include EMC, SAP and Juniper Networks.
Commenting on questions about the recent argument between his company and Microsoft over Vista application programming interfaces (APIs), Ilias Chantzos, Symantec's government relations manager for EMEA, said that the two organisations would co-operate in SafeCode in order to benefit customers.
"We have a multi-faced relationship with Microsoft and we are keen to work with them. That will ultimately benefit our customers. I see this relationship as complimentary rather than competitive," Chantzos said.
Last year, security companies, including Symantec and McAfee, complained that Microsoft had locked them out of the Windows kernel. The security vendors claimed that a kernel shield developed by Microsoft, called "PatchGuard" and intended to stop hackers attacking 64-bit versions of Vista, blocked their security products too.
Microsoft eventually agreed to provide security companies with access to the 64-bit APIs but didn't actually provide access until two months after it had officially relented.
Microsoft had long maintained that a complete lock on the kernel would provide the best operating-system security and stability, but it made concessions in response to antitrust concerns raised by officials in Europe and Korea.
SafeCode is being headed up by cybersecurity expert Paul Kurtz, who was one of the founding members of the Cyber Security Industry Alliance (CSIA) and a former White House National Security Council and Homeland Security Council member under Presidents Bush and Clinton.
Kurtz claimed that the organisation is the first global industry-led body aimed at the development and delivery of more secure and reliable hardware software and services.
Read this
Feature: Ten tips for securing borderless networks
With companies facing increasing deperimeterisation in today's world of online collaboration and remote working, protecting corporate networks can be a challenge...
"Where are the best practices? Everyone talks about them, but how do you find them? SafeCode is going to bring those best practices into one place so that government, consumers and businesses can make best use of them," said Kurtz.
Kurtz added that SafeCode will be assembling an advisory group of government leaders and critical infrastructure operators from around the world to help with its mission.
The organisation will be funded via a $50,000 (£24,000) membership fee levied on each of the members, Kurtz added.
"We want to be seen as an organisation that government and industry can turn to and say: 'Can you help us with this?'," said Kurtz.
Talkback
Going back to first principles, if you told a child about the cost of security wouldn't that child say that as Microsoft provides the entry points for the bad boys, they should bear the cost of keeping them out? Having presented users with a problem (and charged them for it) shouldn't MS sort it out once and for all? And, to re-use the old motoring analogy, if Ford produced cars with fuel leaks and continued to insist that customers should find and repair them at their own expense, would we continue to buy Ford cars? OK, we could buy other cars, but if we want Windows we have no option. Does that make it fair and reasonable?
The reason why Microsoft and Symantec may have decided to play nice on the security issue is exactly because of the question you raise.
Governments may be planning to introduce liability legislation around IT security so that a vendor who supplies a product that isn't up to scratch may face financial penalties. The threat of this kind of legislation is why we might be seeing the large IT suppliers and security vendors joining forces in this way - strength in numbers. The guy heading up the SafeCode group - was keen to point out that the group wasn't about lobbying but didn't denie that there were concerns about a legislative crackdown in this area.