Brands face site ‘name and shame’

Brand owners which do not do enough to keep their online data secure are to be named and shamed, after a security group found that over half of all sites are using compromised software.
The plan is the brainchild of non-profit organisation Trustworthy Internet Movement (TIM), which has been set up by security experts and entrepreneurs frustrated by the slow pace of improvements in online safety.
TIM founder Philippe Courtot, an entrepreneur and chief executive of security firm Qualys, said: “We want to stimulate some initiatives and get something done.”
Experts recruited to help with the scheme include SSL inventor Dr Taher Elgamal; hacker Moxie Marlinspike; and PayPal chief security officer Michael Barrett.
TIM has initially focused on a technology known as the Secure Sockets Layer (SSL), which is used to encrypt communications between websites and their users. It is designed to protect credit card numbers and other valuable data as it travels across the web.
However, many companies are running compromised versions of the technology. The first stage of TIM’s plan is to run automated tools against websites to test how well they have implemented SSL, said Courtot.
“We’ll be making it public,” he added. “Everyone is now going to be able to see who has a good grade and who has a bad grade.”
Early tests suggest that about 52% of sites checked ran a version of SSL known to be compromised.
The second part of the initiative concerns the running of ‘certificate authorities’ (CAs), which guarantee that a website is what it claims to be.
TIM said it would work with governments, industry bodies and companies to check that CAs are well run and have not been compromised. “It’s a much more complex problem,” said Courtot.