The VoIP Security Alliance (VOIPSA) released its security framework, which the alliance hopes is an accomplishment that will help the industry identify and mitigate potential threats to voice over IP (VoIP) technology. The VoIP Security Threat Taxonomy is a framework of core concepts that describe potential threats in several categories, including social threats, eavesdropping, communication interception and modification, intentional interuption of service, and unintentional interuption of service.
VOIPSA is a vendor-neutral organization, which now includes over 100 members including makers of VoIP solutions, information security companies, as well as other interested organizations and individuals. The alliance was launched in February 2005. The effort to develop the framework began in March.
"The importance of this \[framework\] is that it gives a foundation to all future discussions on VoIP security that are both technically and socially informed. Until now, the public has been uncertain about the various threats, how risks related to each other and technical trade-offs. This is fundamental to all future work in the field.” said Jonathan Zar, Secretary and Outreach Chair for VOIPSA, head of the taxonomy project and Senior Director for SonicWALL.
The aim of the framework is to improve public awareness of issues and best practices. The alliance invites the public to participate by offering comments and to take part in open discussions. The framework is published in Wiki format where comments can be submitted for inclusion. The alliance also operates a mailing list for open discussion.