Details about major security breaches are often never reported to the outside world. Victims don’t want to expose vulnerabilities and potentially attract even more attacks in the future. As Verizon sees it, that leads to a lack of information sharing which could prove to be useful when guarding against potential threats to IT security. That’s why the company is today launching Veris, a new website aimed at collecting and sharing information on security breaches.
The website is aimed primarily at information security professionals who might be looking for some insights into a hacking attempt that their organization has experienced or for some intel to protect against any looming threats. Once logged on, users will be able to see a range of information shown on various charts and graphs and even a Veris wiki for information sharing.
The site plans to solicit breach information from users in the form of a questionnaire that will categorize the event and allow for easy comparisons based on the type of incident, the size of the company, and impact of the breach. Once the report is submitted, users will instantly be given a report that compares their incident with ones that are similar.
“With the VERIS Project, Verizon is publicly sharing data that we have spent years gathering through our data breach caseload,” said Peter Tippett, vice president of technology and innovation, Verizon Business. “We are sharing the aggregate data — and encouraging other companies to anonymously share their security-event data — to promote more dialogue and understanding of security incidents. The collective sharing of in-the-trenches security events offers us the opportunity to fundamentally change how we all manage risk.”
Anyone who volunteers information about a breach won’t risk exposing their company’s gaping security flaws. The site promises that all reported information will be kept anonymous and secure.