COUNTERPANE TAPS TOP INFORMATION SECURITY EXPERTS FOR ITS TECHNICAL ADVISORY BOARD

Stellar team to perform key critical review and advising function for innovative Managed Security Monitoring firm

San Jose, CA, October 10, 2000 - Counterpane Internet Security, Inc. announced today the formation of its Technical Advisory Board. The well-respected industry and academic leaders who comprise this board have the comprehensive knowledge and diverse experience necessary to grasp the full potential of Counterpane's services and provide the varied external perspectives essential to the company's continued growth and success. Members of the Technical Advisory Board are:

• Steven M. Bellovin, Fellow, AT&T Labs
• Matt Bishop, Associate Professor, Department of Computer Science, UC Davis
• Matt Blaze, Research Scientist, AT&T Shannon Lab
• Bill Cheswick, Member of Technical Staff, Lucent Technologies
• Dan Farmer, Security Researcher, Earthlink
• Dan Geer, Chief Technology Officer, @stake
• Dr. Bill Hancock, CISSP, Vice Preisident, Chief Security Officer, Exodus Communications, Inc
• Gary McGraw, Vice President, Corporate Technology, Cigital
• Carey Nachenberg, Chief Researcher, Symantec AntiVirus Research Center Symantec Corporation
• Peter Neumann, Principal Scientist, Computer Science Lab, SRI international
• Mark Seiden, Director, Securify Labs, Securify
• Adam Shostack, Director of Technology, Zero Knowledge Systems

"I am delighted that Counterpane is accountable to a panel of such eminent industry pioneers. Our service offering is greatly enhanced by their leadership experience in both the development and in the application of superior information security methods. This is an invaluable asset as we meet the challenge of remaining competitive in a fluid environment," says Bruce Schneier, Counterpane Chief Technology Officer and Co-Founder.

The new board works together synergistically and actively to provide advice, ask challenging questions, offer alternate points of view, and point out new opportunities that will serve Counterpane's current and prospective customers.

"Counterpane has done the hard work of combining a sound business plan with world-class technical and marketing expertise," observes Matt Blaze. "By being part of their advisory board and helping them provide the mission-critical security services that keep hackers out and intellectual property safe, I'm helping them create an environment where e-commerce can flourish."

The following brief biographies highlight the solid qualifications of Counterpane's distinguished Technical Advisory Board.

Steven M. Bellovin, one of the creators of USENET, received the 1995 Usenix Lifetime Achievement Award in recognition of both his intellectual achievement and his service to the Unix community. He and two colleagues began USENET in 1979, as a graduate school experiment, and today it hosts more than 10,000 newsgroups with millions of participants worldwide. He co-authored, with Bill Cheswick, the 1994 book Firewalls and Internet Security: Repelling the Wily Hacker, and he currently conducts research on the relationship between networks and security at AT&T Labs Research. Bellovin, who holds a Ph.D. in computer science from the University of North Carolina at Chapel Hill, served on a National Research Council committee on Information System Trustworthiness and is a member of the Internet Architecture Board. His body of research work is extensive, and many of his papers, as well as a few of his lectures, are available electronically.

Matt Bishop serves on the executive committee of the National Colloquium for Information System Security Education and on the editorial board of the Journal of Computer Security. He has participated in professional conference organization and given tutorials on UNIX security and how to write secure programs at the recent SANS Workshop entitled Securing the Modern University: Mission Impossible. A computer security researcher, he is especially interested in vulnerabilities analysis, the design of secure systems and software, network security, formal models of access control, and user authentication. His research projects explore such topics as the detection and prevention of security flaws in computer systems, computer security research history, denial of service attacks in a networking environment, and interactive distance learning. Bishop commented on the state of education in computer security in his 1997 keynote address to the National Colloquium on Information Systems Security Education, and at UC Davis he currently chairs his department's Information Technology Committee. He is also the University's outreach liaison for the USENIX Association.

At AT&T Laboratories, Matt Blaze studies the use of cryptography in computing and network security. His research focuses on the architecture and design of secure systems based on cryptographic techniques, analysis of secure systems against practical attack models, and finding new cryptographic primitives and techniques. He is the co-inventor of the field of "trust management" and leads the KeyNote project at AT&T Laboratories. His recent work and collaborations have led to the creation of new cryptographic concepts, including Remotely-Keyed Encryption, Atomic Proxy Cryptography, and Master-Key Cryptography. His research has also been influential in IP network-layer, session-layer, and filesystem encryption. Blaze has discovered weaknesses in a number of published and fielded security systems, including a protocol failure in the U.S. "Clipper" key escrow system. Blaze has been long been active in the debate on encryption and security policy, has testified before Congress several times, has participated in influential public-policy panels and reports, and created the Web resource crypto.com. He holds a Ph.D. in Computer Science from Princeton University.

A respected voice in the Internet security industry, Bill Cheswick has been a popular presenter at conferences around the United States, in Europe and as far away as China. Sponsoring organizations have included Compsec, SANS, San Antonion Usenic Security Conference, BCS Security Day, and the Bell Labs Science series. Cheswick designed one of the first firewalls, and with Steve Bellovin, he wrote the first full book on Internet security Firewalls and Internet Security: Repelling the Wily Hacker, which was published in 1994, and is now considered a classic. His research papers and recent presentations illuminate facets of secure Gateway design, intranet challenges, Internet attacks, and TeX and LaTex indexing, to name just a few topics. Employed for over twelve years at Bell Labs, Cheswick now runs an ongoing Internet and Lucent intranet mapping project with Hal Burch and Steve Branigan. Some of these maps are now available from Telegeography.

A researcher at EarthLink, the 2nd largest ISP in the world, Dan Farmer is currently engaged in the study of forensic computing and the analysis of large scale networks. Dan wrote or co-authored the COPS, SATAN, Titan, and TCT security software tools, as well as writing a variety of papers on different aspects of computer security. He has testified before Congress, appeared on virtually every major news media source, and in general lives the quiet life at home with his cat Flame.

Dan Geer has a long history in network security and distributed computing management as an entrepreneur, scientist, consultant, teacher, and architect. He has provided high-level strategy in email encryption and protection, strategic direction, and security research to industry leaders including Digital Equipment Corporation, OpenVision Technologies, and Open Market. And he has written extensively on large-scale security issues such as risk management, applications of cryptography, and Web security for The Digital Commerce Society, Securities Industry Middleware Council, the Internet Security Conference, and the USENIX Association. Co-author of the Web Security Sourcebook, Geer testified at the 1997 U.S. Congressional Hearings on Intelligence and Security. Geer is a member of the Board of Directors of the USENIX Association.

World-renowned computer network and security consultant and engineer, William Hancock, CISSP, has been in the industry 27 years, and has held management positions at Digital Equipment Corporation, Texas Instruments, Sohio Petroleum Company, and IBM before joining Exodus, a leading provider of complex Internet solutions. Hancock has written 26 books on networking and security, has participated in over 350 successful hacker prosecutions and designed some of the largest networks in the world, wallplate-to-wallplate. He is also Editor in Chief of Computers and Security magazine and author of over 3,000 articles.

Premiere research scientist Gary McGraw sets the direction for his company's software engineering and computer security endeavors. He is currently striving to bridge the gap between cutting-edge science and real-world applicability, and to transfer advanced technologies for use in the field. McGraw has written over fifty peer-reviewed technical publications, consults with major e-commerce vendors, and has served as principal investigator on grants from Air Force Research Labs, DARPA, National Science Foundation, and NIST's Advanced Technology Program. He is also the founder and leader of the Software Security Group. He has leadership and advisory roles in a host of professional organizations and is a noted authority on mobile code security. He has written and collaborated on numerous articles in trade and other publications, and with RST security expert John Viega, he writes a bi-monthly column on Software Security Assurance for Developers magazine. These will soon be published as a book. McGraw holds a dual Ph.D. in Cognitive Science and Computer Science from Indiana University and a BA in Philosophy from University of Virginia.

Carey Nachenberg is the chief researcher at the Symantec AntiVirus Research Center. He researches, designs and develops anti-virus, content-security and vulnerability assessment technologies for Symantec's award-winning line of products. Mr. Nachenberg has worked at Symantec for ten years as a software engineer and architect. He holds Bachelors and Masters degrees in Computer Science and Engineering from the University of California at Los Angeles. His Masters thesis covers the topic of polymorphic computer virus detection.

Award-winning scientist Peter G. Neumann is a Fellow of the American Association for the Advancement of Science, the ACM, and the Institute of Electrical and Electronics Engineers. At SRI he has focused on requirements for computer system security, reliability, safety and high assurance. He was also a research scientist in computer communication at Bell Telephone Labs, as well as a visiting lecturer at Stanford, Berkeley and University of Maryland. Neumann has been on three National Academy of Sciences studies, and he is currently a member of the U.S. General Accounting Office Executive Council on Information Management and Technology. He is a contributing editor and columnist for CACM, creator and moderator of the ACM Forum on Risks to the Public in the Use of Computers and related Technology and a cofounder of People For Internet Responsibility (PFIR, www.pfir.org). His book Computer-Related Risks is now in its fourth printing. Neumann holds AB, SM, and Ph.D. degrees from Harvard, and he received a Dr rerum naturarum from the Technische Hochschule, Darmstadt, Germany, where he was a Fulbright scholar.

Adam Shostack's mission at Zero Knowledge Systems is to make privacy on the Internet a reality, and Freedom, his secure, easy to use privacy software is a tantalizing development in that direction. He recently presented a paper with Scott Blake on their work creating the HackerShield vulnerability scanner. And his paper with Bruce Schneier, Breaking Up Is Hard to Do: Modeling Security Threats for Smartcards won Best of Show at the first Usenix workshop on Smartcard Technology. He has endeavored to make the Common Vulnerabilities and Exposures list a reality. And as leader of the core design team for Hackershield, he introduced innovations in security scanning, including scheduled scans, drill-down style reporting and RapidFire Updates, which have now become standard features in these products. Shostack is on the Board of Directors of the International Financial Cryptography Association.

About Counterpane

Counterpane Internet Security, Inc. was established in 1999 by entrepreneurial expert Tom Rowley and security technologist and author Bruce Schneier to address the critical need for increased levels of security services. Centered around a network of sophisticated Secure Operations Centers, staffed by expert security analysts, the Company provides 24x7 monitoring, as well as penetration detection, and response. Counterpane's Managed Security Monitoring services enable e-business to be conducted safely. The company is funded by Accel Partners, Bessemer Ventures, Goldman Sachs, and Morgan Stanley Dean Witter Equity Fund. Headquarters are located at 1090 La Avenida in Mountain View, California, USA. Phone: 650-404-2400, Fax: 650-903-0461, Website: www.counterpane.com.

###

Counterpane is a trademark of Counterpane Internet Security, Inc. All other companies, brand names or products are trademarks or registered trademarks of their respective companies.