IBM, Sun, HP support open security standard

On Tuesday, several technology companies announced plans to create an open standards relational database of secure file signatures in an effort to provide safer computing for their customers.

The initiative – spearheaded by Tripwire Inc., an integrity management solutions company based in Portland, Ore.- also includes support from Hewlett-Packard Co., IBM Corp, Sun Microsystems Inc., InstallShield Software Corp. and RSA Security Inc.

The six charter members unveiled a proposed common standard -the File Signature Database (FSDB) – to represent known-good file information of cross vendor data, said Wyatt Starnes, founder, president and CEO of Tripwire.

The group also announced plans for a schema to guide the files and preserve the integrity of the complex data.

“Having verifiability and tractability of the basic good state of data as it exists on important network components such as servers, firewalls, routers and switches and other network devices is really crucial,” Starnes said.

FSDB is a repository of file metadata taken from published software allowing customers to identify, authenticate and assure the integrity of files. It also provides the ability to enhance proactive management of change through granular file dependency structure, Tripwire said.

With about 11 million known-good file signatures to date, this endeavour is something that Tripwire has been working on for the past three years and is something that Starnes called a “labour of love.”

The database consists of “born-on” file information, including file names and digital hash values which provides a unique file signature archive crossing multiple operating systems and application programs, Starnes said. Members of the repository will update the database as new software is manufactured and released.

“This will enable safer, more secure, more reliable and more dependable IT environments,” Starnes said.

Crucial to the success of the FSDB is bringing multiple vendors together, Starnes said.

“All the vendors realize the power of collaboration of solving this demand,” he added.

“The IT industry is at a major transition point. Our customers in every market sector are facing similar major issues. They need to deliver more IT capacity, they need to do it with fewer resources and they need to deliver capacity in a more secure, reliable and predictable way. That is, they need to drive IT management from what has been largely a reactive process to a much more proactive process,” he said. “Customers need to get operational control of their IT environments. To cap it all off, they need to deliver those promises.”

Starnes said that standards are “extremely important” for moving the industry forward.

Tripwire said that delivery models for the FSDB content are being developed and it is anticipated that an open-standard FSDB Web service will be made available through the Internet the first half of 2004.

Tripwire is online at