The organization is called The VoIP Security Alliance, it circulates VoIP security risks through discussion lists, white papers and research projects.
The VoIP Security Alliance is the first cross-industry association focussed on VoIP security. Participants include Avaya, Alcatel, VoIP newcomer Comcast, security companies Symantec, Qualys and 3Com division TippingPoint.
One goal of the group is clear up misconceptions about the technology. Deploying VoIP is the same as deploying traditional data networks.
However, VoIP introduces new requirements for IP networks, including a higher premium on quality of service so that voice conversations are intelligible, and on the privacy of voice data sent over the network, Endler said.
Deploying VoIP also raises the stakes for network outages, including DoS attacks, because organizations lose voice as well as network services in such attacks, he said. Imagine not being able to dial a 911 call center that uses VoIP inundated with VoIP spam.
The group researches information on VoIP vulnerabilities and promotes VoIP security tools.
It is backing research into VoIP security tools, including a "fuzzer" for the SIP protocol. The tool will be able to test SIP for vulnerabilities that could lead to attacks.
The group will also promote best practices for deploying VoIP, such as configuring VoIP gear and separating voice data from other data on so-called converged networks.
Individuals interested in joining the VoIP Security Alliance or subscribing to a VoIP security discussion list can visit The VoIP Security Alliance here.