InfoSec Warranties and Guarantees
99.9% of current InfoSec products and services provide no warranty or guarantee.
Although this has been very beneficial for software and app innovation, the security implications are very serious. In the absence of warranties and guarantees, the security industry is driven by marketing and has very little accountability for the effectiveness, or even the security, of its products and services.
This Working Session will examine the need for InfoSec warranties and guarantees, and how they might be designed and implemented.
- Are warranties and guarantees in InfoSec inevitable?
- How to make warranties and guarantees work
- What should be covered?
- Should governments have a role in (for example) providing ‘Cyber Insurance’ for ‘well-behaved companies’?
- The roles of labels and market forces
- Are we in a ‘market for lemons’?
- The role of Government Agencies
- What lessons can be learned from the Food and Public Safety agencies (and activities)?
The target audience for this Working Session is:
- Buyers of InfoSec products and services
- InfoSec Products and Services providers
- Government Agencies
- Jeremiah Grossman
- Infosec Warranties and Guarantees - list of companies
- An Insiders Guide To Cyber Insurance And Security Guarantees - presentation
- Geekonomics: The Real Cost of Insecure Software - book
- BBC Click - 29/04/2017 - BBC Click investigates a company claiming to offer ‘absolute security’ and discovers all is not what it seems.
- OWASP Security Labeling System Project
- Market for Lemons