[VOIPSEC] State of VOIPSA -- humble musings

Shawn Merdinger shawnmer at gmail.com
Thu Jun 18 12:22:13 EDT 2009

Hello List,

I have a few observations about the state of VOIPSA.  Perhaps by
bringing this to the list some awareness can be raised.  At the least
I expect to get flamed and crowned troll du jour.

First, the VOIPSA mailing list and blog are fairly active and provide
good resources and forums for discussing VoIP security.  That said,
other aspects of VOIPSA seem to me as stagnant at best, possibly

To wit:

Activities, Working Groups & Committees

1.  Threat Taxonomy - latest version is still the first one from
October, 2005 and the wiki doesn't work because of database errors.
2.  Security Requirements - no online content
3.  Best Practices - no online content
4.  Security Research Committee - no online content
5.  Testing Committee - no online content


1.  VOIP Security Articles - latest article is from March, 2007
2.  Whitepapers - latest whitepaper is from November, 2006
3.  VoIP Security Tool List - no indication when last updated.
Several key VoIP security tools not listed (HDM's WarVox for example)

As a 501(c)(3) non-profit, VOIPSA has potential for raising funds that
can support the growth, breadth and depth of VOIPSA as a top tier
resource.  And despite its current shortcomings, remains an
oft-mentioned resource.  If Google results mean anything to folks,
bear in mind that a search for "VoIP security" returns VOIPSA's
homepage as the very first search result, and the VOIPSA VoIP security
tool list is second.

I'm not sure what the future holds for VOIPSA, but from my perspective
it is no longer, and has been for some time, the "go to site" for
current VoIP security information.



More information about the Voipsec mailing list