Four leading security vendors are to develop a new framework that aims to ensure interoperability across the broad range of their security tools, including anti-virus, authentication, encryption, and digital certification software.
The products included in the SecureOne framework cover safety concerns ranging from verifying both the source and integrity of Java Applets, ActiveX components and files received over networks, to encryption of data, authentication of users, control of user access to applications and hardware, blocking of viruses and management of digital signatures and identifications.
Part of the framework is a set of cross-licensing agreements between the four companies behind the effort, namely Security Dynamics and its subsidiary RSA Data Security, McAfee Associates and VeriSign.
The other part of the framework will be a set of APIs (application programming interfaces) that will be available to software developers in RSA's development tools, shipping in the fourth quarter, company officials say.
The APIs and specifications together will provide a comprehensive set of security software, that will make the exchange of sensitive data over enterprise networks and the Internet generally safer, company executives said.
Claiming to have a solid set of technical specifications already developed, the four vendors are now inviting other security software developers to rally around the framework in an effort to develop it into an industry-wide standard.
"Now it's time for the firewall vendors, encryption vendors and other anti-virus software vendors to step forward and embrace the framework," says Bill Larson, president, chairman and CEO of McAfee.
The invitation includes McAfee's anti-virus software rival Symantec, Larson says, which is currently suing McAfee, alleging that it knowingly pirated software code from its Norton CrashGuard PC software.
"We invite Symantec to endorse VIPER and include it in Norton," Larson says. "If they do, that would be super." McAfee's VIPER (Virus Interface for Protective Early Response) is a virus search engine. The company has now announced the VIPER Toolkit, which is a critical element of the SecureOne framework.
VIPER Toolkit is an API that will provide a mechanism for developers to call the McAfee VirusScan engine directly from their applications. Other programming interfaces that will be part of the framework are those for Security Dynamics' Enterprise Security Services; RSA's digital signature, cryptographic, messaging and transaction security engines; and VeriSign's developer kit.
At this time the SecureOne specifications have not been submitted to any standards bodies, which may happen at a later time, says Jim Bidzos, president of RSA.
Bidzos also said that the framework does not include specifications or applications to manage and administer enterprise-wide security systems based on the SecureOne framework.
"A single management solution is never going to work," Bidzos says.
Among the bundling and cross-licensing agreements being announced today are McAfee's plans to sell Security Dynamics' RSA SecurPC desktop encryption software with its VirusScan Security Suite. McAfee will also build RSA Digital Signature verification into its virus detection tools, and will support Security Dynamics' user authentication tools in several of its products. Meanwhile, Security Dynamics will bundle McAfee's VirusScan with its RSA SecurPC. The fruits of McAfee's and Security Dynamics' deals are expected to be available in the fourth quarter.
For its part, VeriSign will provide free Class 1 Digital IDs to customers purchasing McAfee's VSS for a six-month period, and will allow those customers to register for VeriSign certificates directly from McAfee's Web site.
Pricing for the SecureOne versions of the RSA tools, Bsafe, S/Pay, and S/Mail, has not yet been determined, says Lisa Landa, a spokeswoman for Security Dynamics.
"What we are trying to do is provide a framework for developing network security applications that can be deployed enterprisewide," Landa said. "There are two customers for this announcement. The independent and corporate developers using the toolkits to build applications, and business professionals who can take advantage of licensing agreements."