Those of you with a legalistic bent may enjoy an article by John Michener, et al., of BBX, called “Snake-Oil Security Claims: The Systematic Misrepresentation of Product Security in the E-Commerce Arena.” From the abstract:

The authors provide an overview of important issues concerning security-relevant functionality, including critical functionality for security product merchantability. The authors also review certain critical issues concerning vendor development and management processes that are necessary for a vendor to have any understanding of the security properties of his product. Unless a vendor takes appropriate actions concerning these and related issues, the vendor has little, if any, basis for claiming secure products. Thus, there is a high likelihood that representations concerning security and the basic merchantability of security-dependent functionality are misleading, at best…

Categories: Uncategorized dw