A new Application Security Industry Consortium (AppSIC) will help sysadmins make better security choices.
The group comprises 14 vendors, analysts and companies that buy, sell and use products, led by Security Innovation and including rivals Microsoft, Red Hat, Oracle and SAP.
Its chair, who is also director of security technology at Security Innovation, Herbert Thompson said AppSIC members will meet monthly to exchange ideas and vet papers to be issued under the AppSIC imprimatur.
"For instance," he said, "we'll publish the top 10 questions I'd need to ask my vendor on software security before I buy, and the kinds of answers you should expect. And we're going to help enterprises factor in security in their budgets, as well as help IT development groups increase software security."
Doug Jacobson, director of Iowa State University's Information Assurance Centre, welcomed the idea behind AppSIC. "The problem with security is, you are spending money to try and prevent bad from happening. It often doesn't add to the bottom line on the balance sheet, unlike other IT acquisitions where you add more computing power, more network bandwidth, more storage, which are easier to justify."
AppSIC is open to all comers and there's no membership fee to join.