IT vendors should improve default security settings in their products, a committee of the National Cyber Security Partnership Task Force (NCSP) said in a set of recommendations it has released on technical standards.The NCSP’s Technical Standards and Common Criteria committee released its cybersecurity recommendations Monday, with the group of academics, government officials, IT vendors and customers asking vendors to provide stronger “out-of-the-box” security configurations and to support at least one configuration profile that provides a baseline security level.The 104-page committee report, is intended to put more pressure on vendors about default security settings and raise awareness about best practices and security audits, said Mary Ann Davidson, chief security officer at Oracle, and cochairwoman of the committee. The committee is hoping to move the debate away from advice that vendors may or may not choose to follow, she said.“We’re trying to change the dynamic to, ‘Vendors ought to do this,'” she said. Her committee, which worked on the recommendations for about four months, revised its work to give the recommendations stronger wording, she said.Among the recommendations: — Vendors should provide more substantive security recommendations, configuration checklists and best practices to customers.— The U.S. government, user groups and customers should encourage more independent security evaluations of IT products.— The U.S. government should help offset the costs of an IT vendor going through a Common Criteria security evaluation through tax credits or other methods.— The U.S. government should fund the development of code-scanning tools that detect flaws in software code.But many of the recommendations place the responsibility for cybersecurity on vendors. “As an industry, we corporately need to do a better job of security infrastructure,” Davidson said.Davidson plans to take the recommendations, as well as others from NCSP, back to Oracle to see how her company can improve security, she said. “This is not done, we’re not thinking, ‘We’ve issued a report and we can go home,'” she added. “Most of us want to take it to the next level and show concrete progress.” The National Cyber Security Partnership was established to develop shared strategies and programs to better secure and enhance America’s critical information infrastructure, following the release of the White House National Strategy to Secure Cyberspace in February 2003 and the National Cyber Security Summit in December. The partnership is led by TechNet, the Business Software Alliance, the Information Technology Association of America and the U.S. Chamber of Commerce. Related content news EU approves $1.3B in aid for cloud, edge computing New projects focus on areas including open source software to help connect edge services, and application interoperability. By Sascha Brodsky Dec 05, 2023 3 mins Technology Industry Technology Industry Technology Industry brandpost Sponsored by HPE Aruba Networking Bringing the data processing unit (DPU) revolution to your data center By Mark Berly, CTO Data Center Networking, HPE Aruba Networking Dec 04, 2023 4 mins Data Center feature 5 ways to boost server efficiency Right-sizing workloads, upgrading to newer servers, and managing power consumption can help enterprises reach their data center sustainability goals. By Maria Korolov Dec 04, 2023 9 mins Green IT Servers Data Center news Omdia: AI boosts server spending but unit sales still plunge A rush to build AI capacity using expensive coprocessors is jacking up the prices of servers, says research firm Omdia. By Andy Patrizio Dec 04, 2023 4 mins CPUs and Processors Generative AI Data Center Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe