My “kitemark” suggestion for software security seems to have support

I gave the keynote address last week at the International Secure System Development Conference.  One of the suggestions I made was that there might be a “kitemark” system on software giving consumers some assurance that industry-agreed security standards were applied in any software that they bought displaying the mark.  Some people clearly liked what I said.

4 thoughts on “My “kitemark” suggestion for software security seems to have support”

  1. It’s one of those ideas that sounds nice, but could be a terrible headache to implement… Surely it would at least require EU legislation and maybe even additionally international standards for this. Also, how would this apply to open source systems?

    I’m far from convinced I’m afraid Toby…

  2. Of course, internationally agreed standards would be better. So would EU legislation. However, achieving either will be a long drawn out process. A UK kitemark for software purchased here would help UK purchasers at least know whether there was an agreed minimum level of security built into any products bought carrying the kitemark.

  3. Which creates a non-tariff barrier for UK firms… And would this also apply to free, open source web applications as well?

