[VOIPSEC] State of VOIPSA -- humble musings

Rubino, Mark (Mark) mrubino at avaya.com
Fri Jul 17 15:21:58 EDT 2009

I am in agreement with Shawn's "humble musings".

VoIP security is changing.
In the past, VoIP and VoIP security was confined to IP based PBX's and
phones making calls across an IP network. VoIP is changing, integrating
into Unified Communications (UC). With this move (using SIP) the IP PBX,
phone and it's applications are now, and will continue to, interface to
many more services. Moving further on, what of the impact in the rise in
social network sites and applications that can be accessed from UC users
on the corporate network?

The traditional security concerns of data networking and VoIP security
are merging, changing and expanding. VoIPSA should lead the way in
updating, defining and stepping forward as the "go to" resource for
security information regarding these trends.

Mark R

-----Original Message-----
From: voipsec-bounces at voipsa.org [mailto:voipsec-bounces at voipsa.org] On
Behalf Of voipsec-request at voipsa.org
Sent: Friday, June 19, 2009 7:00 AM
To: voipsec at voipsa.org
Subject: Voipsec Digest, Vol 54, Issue 4

Send Voipsec mailing list submissions to
	voipsec at voipsa.org

To subscribe or unsubscribe via the World Wide Web, visit
or, via email, send a message with subject or body 'help' to
	voipsec-request at voipsa.org

You can reach the person managing the list at
	voipsec-owner at voipsa.org

When replying, please edit your Subject line so it is more specific than
"Re: Contents of Voipsec digest..."

Today's Topics:

   1. State of VOIPSA -- humble musings (Shawn Merdinger)


Message: 1
Date: Thu, 18 Jun 2009 12:22:13 -0400
From: Shawn Merdinger <shawnmer at gmail.com>
Subject: [VOIPSEC] State of VOIPSA -- humble musings
To: Voipsec <Voipsec at voipsa.org>
	<fb0927a80906180922w13bcaf3dw388d85c5af036720 at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

Hello List,

I have a few observations about the state of VOIPSA.  Perhaps by
bringing this to the list some awareness can be raised.  At the least I
expect to get flamed and crowned troll du jour.

First, the VOIPSA mailing list and blog are fairly active and provide
good resources and forums for discussing VoIP security.  That said,
other aspects of VOIPSA seem to me as stagnant at best, possibly

To wit:

Activities, Working Groups & Committees

1.  Threat Taxonomy - latest version is still the first one from
October, 2005 and the wiki doesn't work because of database errors.
2.  Security Requirements - no online content 3.  Best Practices - no
online content 4.  Security Research Committee - no online content 5.
Testing Committee - no online content


1.  VOIP Security Articles - latest article is from March, 2007 2.
Whitepapers - latest whitepaper is from November, 2006 3.  VoIP Security
Tool List - no indication when last updated.
Several key VoIP security tools not listed (HDM's WarVox for example)

As a 501(c)(3) non-profit, VOIPSA has potential for raising funds that
can support the growth, breadth and depth of VOIPSA as a top tier
resource.  And despite its current shortcomings, remains an
oft-mentioned resource.  If Google results mean anything to folks, bear
in mind that a search for "VoIP security" returns VOIPSA's homepage as
the very first search result, and the VOIPSA VoIP security tool list is

I'm not sure what the future holds for VOIPSA, but from my perspective
it is no longer, and has been for some time, the "go to site" for
current VoIP security information.




Voipsec mailing list
Voipsec at voipsa.org

End of Voipsec Digest, Vol 54, Issue 4

More information about the Voipsec mailing list