The Voice over IP Security Alliance (VOIPSA) today released what it claims is the first comprehensive list of Voice over IP (VoIP) security threats.
The results, dubbed the VoIP Security Threat Taxonomy, are designed to provide the industry with a clear view of VoIP threats, vulnerabilities and, somewhat pragmatically, a “context for balancing trade-offs”.
“The importance of this accomplishment is that it gives a foundation to all future discussions on VoIP security that are both technically and socially informed. Until now, the public has been uncertain about the various threats, how risks related to each other and technical trade-offs. This is fundamental to all future work in the field.” said Jonathan Zar, secretary and outreach chair for VOIPSA, head of the taxonomy project and senior director for SonicWALL.
In the taxonomy VOIPSA said it aims to provide core definitions that give specific meaning to privacy and security, in addition to creating a framework that connects public policy and technology issues.
The organisation also stressed the importance of recognising the human element in threats as distinct from purely technical considerations.
David Endler, chairman of VOIPSA and director of security research for 3Com’s TippingPoint division, said: “The Taxonomy Project is a significant accomplishment and will help shape the future work of VOIPSA and the industry. We expect to deliver the results of our next project, a list of security requirements, by the end of the year.”
The project, launched in late March, aims to improve public awareness of issues and best practices for securing Voice over IP. VOIPSA invites participation in the new project in the form of comments, feedback and discussion. Live portions of the VoIP Security Threat Taxonomy are now available for discussion by registering through links posted below.