File security plan proposed
A group of vendors, led by US vendor Tripwire, has announced plans to develop a database that IT managers could use to verify the authenticity and integrity of the files built into packaged software.
Hewlett-Packard, IBM, RSA Security, InstallShield Software, and Sun Microsystems are also involved in the File Signature Database (FSDB) effort. The repository will store metadata about individual files created by each of the vendors, such as the file's name, a ‘born-on’ date and its digital hash values.
Corporate users then can check the software running on their systems against the ‘good file’ information contained in the FSDB to make sure that files haven't been improperly modified or corrupted by viruses, said Wyatt Starnes, president and CEO of Tripwire.
Although some software from vendors such as Sun, IBM and Microsoft lets users verify the integrity of files, there is currently no common way for users to do so across multi-vendor applications, Starnes said.
[ Read more ]