On Mon, 14 Jan 2008, Paul Ferguson wrote:
Instead of being an apologist for the problem, how would _you_ suggest we address these process, procedural, and organizational issues?
If you look in the archives, in the past I've listed the things that seem to be needed for those organizations to succeed. Over the years, I've worked with people to launch new groups, such as ISP-ISAC, INOC-DBA, NSP-SEC, GIAIS and a few more. Some more sucessful than others. Some won't admit me as a member anymore :-) What are you trying to do? Look at old security incident groups like CERT/CC, FIRST, NRIC and NSIE that have been around since the late 1980's/early 1990's. Look at the middle-age groups like BORG, CIX, IOPS, ISPSEC, LINX, NANOG and RIPE. And a bunch of temporary Y2K groups. Look at the new groups like APWG, DA/MWP/etc, DDOS-WG, GIAIS/MVI/VIA/SCP/MSSA, MAAWG, NSP-SEC, SECSAC/RSSAC, lots of *-ISACs. I left out the academic or government only groups, there are soo many. If you want to share information, there are lots of ways to do it. Information does tend to move between the groups, unless you explicitly say don't share the information. The government folks are convinced that industry leaks, while the industry folks are convinced that government leaks. If you want to get people in a room so you can yell at them about the lousy job they are doing, that's less useful. Of course, in a few weeks, someone else will probably be yelling about ISPs interfering with their right to do something or other.