[attrition] Open Security Foundation Launches New Cloud Security Project

security curmudgeon jericho at attrition.org
Thu Jul 29 00:44:57 CDT 2010



---------- Forwarded message ----------
From: Richard Forno <rforno at infowarrior.org>

Open Security Foundation Launches New Cloud Security Project

Posted by jkouns 12 hours ago

http://blog.osvdb.org/2010/07/27/open-security-foundation-launches-new-cloud-security-project

The Open Security Foundation, providing independent, accurate, detailed, 
current, and unbiased security information to professionals around the 
world, announced today that it has launched Cloutage (cloutage.org) that 
will bring enhanced visibility and transparency to Cloud security. The 
name Cloutage comes from a play on two words, Cloud and Outage, that 
combine to describe what the new website offers: a destination for 
organizations to learn about cloud security issues as well as a complete 
list of any problems around the globe among cloud service providers.

The new website is aimed at empowering organizations by providing cloud 
security knowledge and resources so that they may properly assess 
information security risks related to the cloud. Cloutage documents known 
and reported incidents with cloud services while also providing a one-stop 
shop for cloud security news and resources.

"When speaking with individuals about the cloud, to this point it has been 
a very emotional conversation. People either love or hate the cloud," says 
Jake Kouns, Chairman, Open Security Foundation. "Our goal with Cloutage is 
to bring grounded data and facts to the conversation so we can have more 
meaningful discussions about the risks and how to improve cloud security 
controls."

Cloutage captures data about incidents affecting cloud services in several 
forms including vulnerabilities that affect the confidentiality and 
integrity of customer data, automatic update failures, data loss, hacks 
and outages that impact service availability. Data is acquired from 
verifiable media resources and is also open for community participation 
based on anonymous user submissions. Cloud solution providers are listed 
on the website and the community can provide comments and ratings based on 
their experiences. Cloutage also features an extensive news service, 
mailing lists and links to organizations focused on the secure advancement 
of cloud computing.

"The nebulous world of cloud computing and the security concerns 
associated with it confuses many people, even IT and security 
professionals," says Patrick McDonald, a volunteer on the Cloutage 
project. "We want a clearinghouse of information that provides a clear 
picture of the cloud security issues."


More information about the attrition mailing list