Governments push for secure software standard

NEWS Governments throughout the world are negotiating the first international standard for software security. If the Common Criteria (CC) is adopted, it will replace Europe's Itsec, the US' Tcsec and Canada's Ctcpec standards. According to Dr Robin Pizer, head of the UK's Itsec scheme, it will be more expensive for a vendor to test its software under CC. But once the tests are complete their results will be valid across the world. The International Standards Organisation (ISO) is to vote on CC in October. The scheme has tentative support from the EU, but no schedule has been set up to make CC compulsory. Speaking at a security workshop in London, Nigel Hickson, spokesman for the UK Department of Trade and Industry, said shifting to the new criteria will not happen without user support. "Mutual recognition is supported by governments, but we need to generate demand from users in the private sector. In two years, we will know if Common Criteria is a success," he said. Hickson added that if the standard was accepted by the ISO, he hopes it will be adopted by all of Europe's main trading partners. CC accredited vendors include Oracle and Cyberguard. Other vendors at have expressed fears that an open market in software evaluation could lead to business flooding to the US.