Friday, October 6, 2006

Security and Privacy "Certifications" often mean the opposite

Certifications and Site Trustworthiness

An excellent paper summarizes many of the problems with certifiers such as TRUSTe, and shows that sites that get these certifications to prove their trustworthiness are actually more likely to NOT be trustworthy!

I know companies who were so concerned about wanting customers to _think_ their site was secure that they worked on getting a certification instead of investing in actually _making_ their site secure. No corrective action was taken to align technology or processes with the spirit or letter of the "certification". The same crummy procedures and mindsets that existed before the certification were there after the certification.

I have actually helped fill out the TRUSTe questionnaire, and I know the difficulty of answering their survey questions with 100% knowledge of everything that goes on in a company, even though TRUSTe tends to certify the site anyway.

