The IEEE Standards Group has today publicly announced the formation of the Industry Connections Security Group (ICSG), with the intention of improving collaboration between security vendors.
Sophos is joined as a founding member of the ICSG by our friends at AVG, McAfee, Microsoft, Symantec and Trend Micro. Now, of course, we and these companies have been sharing data behind-the-scenes on new malware threats for years. But it’s largely been a case of “here’s a large bucket full of the latest malware we’ve seen, get on with it.”
The ICSG group has put together an interesting presentation [PDF], that explains that although there are already lots of great working groups in the anti-malware industry that work together to counter the growing threat of cybercrime, the work has largely “not been standardised or documented in a format that lends itself to systematic improvement in operational efficiency, or visibility and review by people outside the vertical industries.”
The IEEE, though, is a well-known brand recognised for delivering standards and by forming the ICSG under their umbrella, we can make use of their existing infrastructure and invite non-traditional players to also participate.
Already the security group is improving the situation by developing an electronic delivery mechanism that not only shares the malware samples, but can also include useful information such as the website where the samples were found.
This kind of organised information sharing is important. As I described last month, the sheer number of unique malware samples we’ve seen in the last year is staggering. Just take a look at this graph from AV-Test.org, showing the number of unique samples in their collection:
You can find out much more about the current threat landscape in Sophos’s recently published Security Threat Report.