Is a community approach to IT security ever safe?
Back in February of this year we heard about security firm AlienVault's launch of a shared threat-information base built around OSSIM, its open source SIEM (Security Information and Event Management) platform.
Described, somewhat hopefully, by its makers as a new "de facto" standard mechanism for sharing cyber threat intelligence, the AlienVault Open Threat Exchange (OTX) is free to all OSSIM users and to the firm's own customers; it aggregates, validates and publishes threat data contributed by participating installations. But where does that data come from, and is it safe?
AlienVault says that the data originates from what it calls "the broadest range of security devices" across a community of more than 18,000 OSSIM and AlienVault deployments. The idea is that an attack on any single member of the community "alerts and arms" the entire community with "timely intelligence", so that every other member can (in theory) be better prepared for a similar attack. The flip side is that every member is also consuming indicators contributed by strangers: a misconfigured, compromised or malicious sensor can push bad data that the whole community then acts on, so the "validates" step, and whatever vetting the consumer does locally, carries a lot of weight.
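To make the consumer-side vetting concrete, here is an added example (not AlienVault's or OTX's code, and not its feed format) of a small policy filter that a member might run over community-submitted IP indicators before loading them into a perimeter blocklist. The feed lines, the "reporters" field, the own-network range, the allowlist and the corroboration threshold are all constructed assumptions for illustration; the point is that nothing from the exchange is enforced without a sanity check on routability, a check against the consumer's own assets and dependencies, and a minimum level of independent corroboration.

```python
import ipaddress
import json

# Constructed sample feed (not real OTX data): one JSON object per line, as a
# community exchange might publish it. "reporters" is an assumed field giving
# how many independent installations submitted the indicator.
SAMPLE_FEED = """
{"indicator": "203.0.113.45", "type": "ip", "reporters": 7}
{"indicator": "10.0.0.5", "type": "ip", "reporters": 12}
{"indicator": "198.51.100.9", "type": "ip", "reporters": 1}
{"indicator": "192.0.2.77", "type": "ip", "reporters": 4}
{"indicator": "not-an-ip", "type": "ip", "reporters": 9}
{"indicator": "203.0.113.45", "type": "ip", "reporters": 3}
{"indicator": "8.8.8.8", "type": "ip", "reporters": 30}
"""

# Ranges that must never reach a perimeter blocklist no matter how many
# members report them. Listed explicitly rather than via is_private because
# Python also classes the RFC 5737 documentation ranges used above as private.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
)]

# Hypothetical local policy: the consumer's own address space and services it
# depends on (here a public resolver) are exempt, and an indicator needs
# corroboration from several independent members before it is enforced.
OWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
NEVER_BLOCK = [ipaddress.ip_network("8.8.8.0/24")]
MIN_REPORTERS = 3


def vet_indicator(ind, own_networks=OWN_NETWORKS, never_block=NEVER_BLOCK,
                  min_reporters=MIN_REPORTERS):
    """Decide whether one community-submitted indicator may be enforced.

    Returns (accepted, reason); every rejection carries a reason so an
    analyst can see what the feed tried to push into the blocklist.
    """
    if ind.get("type") != "ip":
        return False, "unsupported type"
    try:
        addr = ipaddress.ip_address(ind["indicator"])
        reporters = int(ind.get("reporters", 0))
    except (KeyError, TypeError, ValueError):
        return False, "malformed"
    if (addr.is_loopback or addr.is_multicast or addr.is_link_local
            or addr.is_unspecified or any(addr in n for n in NON_ROUTABLE)):
        return False, "non-routable"
    if any(addr in n for n in own_networks):
        return False, "own network"
    if any(addr in n for n in never_block):
        return False, "allowlisted"
    if reporters < min_reporters:
        return False, "insufficient corroboration"
    return True, "ok"


def build_blocklist(feed_text, **policy):
    """Vet every line of a feed and return (accepted, rejected).

    accepted maps indicator -> highest reporter count seen for it (duplicate
    submissions are merged); rejected is a list of (indicator, reason) pairs.
    """
    accepted, rejected = {}, []
    for raw in feed_text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            ind = json.loads(raw)
        except json.JSONDecodeError:
            rejected.append((raw, "invalid json"))
            continue
        ok, reason = vet_indicator(ind, **policy)
        if ok:
            ip = ind["indicator"]
            accepted[ip] = max(accepted.get(ip, 0), int(ind["reporters"]))
        else:
            rejected.append((ind.get("indicator"), reason))
    return accepted, rejected


if __name__ == "__main__":
    good, bad = build_blocklist(SAMPLE_FEED)
    print("enforce:", good)
    for ip, why in bad:
        print("reject:", ip, "-", why)
```

Run against the constructed feed, only 203.0.113.45 survives; the private address, the documentation-range host inside the consumer's own network, the malformed entry, the single-reporter submission and the allowlisted resolver are all rejected with a stated reason. The threshold and exemptions are deliberately parameters of `vet_indicator`, because what counts as "enough corroboration" is a local risk decision, not something the exchange can decide for every member.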