The Cyber Security Industry Alliance this week said there was a crisis in security R&D funding in the US, and expressed serious concerns that the President’s Information Technology Advisory Committee has been dissolved.
At the same time, security thought leaders were praising the government’s successes in using its purchasing power to compel software vendors, including Microsoft Corp, to increase the security of their products.
CSIA said it was concerned that PITAC, which earlier this year recommended the National Science Foundation’s internet security R&D funding should be upped to $90m, was quietly allowed to disappear in June without a clearly named replacement.
"The executive order authorizing PITAC was allowed to expire; it was not necessarily a deliberate act," CSIA executive director Paul Kurtz told ComputerWire. "The reasons are unclear. The important point is that allowing it to expire without saying how they intend to address this issue is not a good thing."
Kurtz said he is hopeful that the revamped Department of Homeland Security, which under its new secretary has created an assistant secretary for cyber security and telecommunications position, will fill the void.
But he also said he had heard, a few weeks prior to the creation of the assistant secretary position, that the DHS would have its cybersecurity budget cut for fiscal 2006, although that is by no means confirmed.
"While the government not putting enough money into R&D is going to have long-term consequences for the country, it's not just about money; it's about having a vision," said CSIA's Kurtz.
CSIA urges adoption of PITAC's final recommendations, and Kurtz said he hopes the DHS will take advantage of the provisions in the legislation that created it that allow it to commingle federal and private sector funding for R&D projects.
At the same time as CSIA was making its recommendations, others in the industry were saying they were encouraged by the US government incentivizing software vendors to build more secure products.
"Government has discovered its buying power is strong enough that it can require vendors to deliver common systems in safely configured formats, so that when they arrive they don't have vulnerable services open," Alan Paller, research director of The SANS Institute, said in a press conference.
Paller later told ComputerWire that he expects the US Office of Management and Budget to make an announcement concerning the buying of a more-secure version of the Windows operating system before the end of the year.
"The key idea is a really simple one. Vendors will develop safer systems if they have an incentive," Paller said. "The federal buying power is over $65bn a year. So that's the incentive."
Microsoft and Dell Inc won a $500m deal with the US Air Force in May based on their commitment to delivering a locked-down version of Windows that has stronger default configurations and fewer exploitable services enabled by default.
Paller said he expects the OMB will authorize other government departments to buy the same software from Microsoft. He even believes Microsoft may make this more-secure Windows available commercially at some point.