Verizon has launched an anonymous breach reporting website with ICSA Labs called VERIS in an effort to elicit and consolidate data on security threats that are often isolated in disparate information silos or that remain unreported entirely.
The portal is designed as a web application, and provides step-by-step instructions on how and what to document, as well as allowing those who are unfamiliar with the site to test drive the process with a dry run.
From the VERIS website:
"One of the most critical and persistent challenges plaguing efforts to manage information risk is a lack of data. We have little data because we do not share and while there are many reasons for this, doubts that it can be done in a practical, private, and mutually beneficial manner are chief among them"
"The VERIS framework, this incident sharing application, and the Data Breach Investigations Reports are all free tools we have created in order to help overcome these doubts and meet this challenge. It is our belief that they can fundamentally change the way we manage information risk."
The intent is to do more than aggregate information for research, as participants are able to generate reports that contain pooled information based on the nature and similarities with data from threats provided by other users.
The application is designed to encourage participation by offering anonymity to contributors. Many companies do not report lapses in security that may result in unwanted publicity or negatively impact shareholder confidence.
It will be interesting to see if the effort does in fact elicit more information on active threats, as unreported breaches leave other organizations susceptible to the same vulnerabilities, a fact that criminal networks have long exploited to their benefit.