Secure Coding mailing list archives
Security Standard Branding & Expectation Checklists
From: "Jared W. Robinson" <jwr () xmission com>
Date: Thu, 08 Jan 2004 02:00:54 +0000
Could a branding campaign be used to promote secure software? Various people have stated that the reason software isn't more secure is that consumers don't demand it. Some kind of a consumer-targeted branding campaign might help.

The idea would be to put a sticker or a logo on software that met some level of security expectation. Customers could be educated to look for these stickers, and it would hopefully influence their purchasing decisions.

There could be different levels of certification. The first one or two levels could be introduced to consumers first, and would raise the bar gradually. As the expectations were raised, new, more difficult levels would be introduced.

I see that handling the security of software falls into three categories: 1. Prevention, 2. Detection and 3. Response. Most of what we discuss on this list falls into the first category. I think that consumers are most concerned about the last category -- response.

Maybe the first (and easiest) level of certification could focus on the response process. Does the vendor include the ability to update the software (à la Windows Update)? And does that system use digital signatures to verify the authenticity of the downloaded update?

A second level of certification could start to focus on the prevention category. I'm sure privacy would fit in somewhere too.

I'll stop there with my thoughts. What do you think?

- Jared

--
"It's a well known technology truism that [not] all of the smart people work for you, and that one of the surest ways to success is to get more ideas and more work out of people outside your own fences." - Tim O'Reilly