A Software Security Kitemark?
Last Thursday, the UK's House of Commons Science and Technology Committee published its report on malware and cyber crime following an enquiry and public consultation.
The committee welcomed the publication of the Government's cyber security strategy at the end of last year, but instead wanted to address the concerns of everyday internet users in its report. In particular, the committee believes that better awareness of issues and solutions amongst computer users will provide the greatest benefits to society. It highlighted the plethora of information sources, and guidance that might be too technical to understand or too difficult to implement effectively.
The issue of a kitemark for software that meets certain security standards is raised again (paragraphs 67-68) although there is a concern that this might be more of a benefit to larger software development companies. The report suggests the ability and resource to "produce an online testing system already exists" (paragraph 69) and that the provision of an automated system to assess the security of software could be developed by Government or in partnership with private industry, or entirely by private concerns (paragraph 70).
Security labelling and the ability to automatically scan software for all security problems are not trivial issues, and we mustn't forget about design flaws and insecure deployment, but the committee is correct: consumers need better, trustworthy advice.
Posted on: 10 February 2012 at 07:45 hrs
