Security Watch

I n the computer industry, standards play an important role by enforcing security baselines and enabling compatibilities among products. In the early days of computing, lacking common agreements, problems ensued with floating point configurations, ASCII vs. EBCDIC encoding battles, and little vs. big endian data mixups. Such issues, especially when they affect data integrity, can pose a security risk. In the best of worlds, standards provide a neutral ground where methodologies are established that advance the interests of manufacturers as well as consumers, while providing assurances of safety and reliability. At the opposite extreme, standards can be inappropriately employed to favor some vendors’ products over others, make competition costly, and encourage mediocrity over innovation, all of which can have negative effects on security. In this column, I consider the current standards environment and offer some suggestions for its increased understanding and improvement. A host of computer security standards currently exist, including those for general use like the