Cyber UL

By Space Rogue 3 comments

So why are there so many bad, nonsecure and just plain broken security products on the market? Should we depend on the unseen hand of the free market to allow the better products to bubble up to the top? Bruce Schneier’s recent column in Wired magazine shows that better products doen’t necessarily mean more secure products. Consumers would rather have an easy to use product instead of a secure product, in other words they want the dancing bears and chocolate. So products that have lots of blinking lights will win out in a free market over those that actually work. As Bruce mentions what is needed is some sort of label to let consumers know just how secure a product or service is. Sorta like the SPF rating on sunscreen, this way people can pick the level of security they need for thier environment. Bruce wrote about this before back in 2001 but the idea is much older than that. I first heard about such an organization that would rigoursly test and rate the security of products from Tan at the L0pht. He wrote and published a white paper waaay back in January of 1999 calling for a Cyber UL to test and rate security products.
So here it is over eight years later from that first call to action. Eight years. And we still have products like Secustick being released and used by the French Intelligence agency. Obviously there is a need for such an organization, where is it? Why hasn’t it been created yet?


bruce campbell army of darkness

Jan 1, 2008, 7:11 am

bruce campbell army of darkness…

Thanks for the nice read, keep up the interesting posts…..

AES = XOR = Secure? WTF!?! at SPACE ROGUE

Feb 2, 2008, 11:13 am

[…] test each and every product they buy for security. I’ve mentioned the formation of a Cyber UL before and clearly it is sorely […]

SPACE ROGUE » Cyber UL – Reloaded

Apr 4, 2008, 7:19 am

[…] USB drives and people still using XOR encryption, such luminaries such as Bruce Schneier and even myself have commented that such an organization is sorely needed. Well Tan has now responded himself with […]

Leave a Reply