Mandatory disclosure for companies selling IT security solutions

It's high time IT security companies selling to consumers utilized both truth and honesty as part of a clear and growing need for more transparent security disclosure.
Written by Dave Lowenstein, Contributor
Commentary - The rise in cyberattacks and the proliferation of security products to safeguard against these attacks seem to be directly proportional. Data breaches, loss of personally identifiable information, cyber-attacks and hacking by nefarious elements continue to make the headlines despite IT security companies churning out solutions that claim to protect against them. It is high time IT security companies selling to consumers utilized both truth and honesty as part of a clear and growing need for more transparent security disclosure. In the context of software security, transparent disclosure involves informing consumers about the actual threats to security and privacy a given solution can actually thwart. Honest disclosure is a much higher hurdle, as it also requires noting those threats that a given solution cannot effectively address.

Transparency is a term that tends to be overused and because of that, it has lost some of its intrinsic meaning. Transparency to us means that something is easily recognized, detected or obvious. Most people would agree that transparency is required in nearly every aspect of our lives; at work, in relationships and with companies we give our money to. Transparency earns trust and loyalty and as such, people both respect and expect transparency in their dealings with others.

Unfortunately, consumers don't always receive it, even when they're spending hard-earned money on products to protect themselves. At this point it's become obvious that the security industry is much less than fully effective in dealing with threats and attacks, and more than a little opaque in its disclosure of the true security properties of its various products. This is where the concept of "Transparent Disclosure" comes in, namely to fill the void created by a consumer's need to know on the one hand and the IT security industry's obligation to disclose on the other. Everyone respects truth and honesty, and that's what Transparent Disclosure offers, because when there is nothing to hide, extending them both is not an issue.

Truth, in the context of security software, involves first informing consumers in plain English about the actual threats to security and privacy a given solution can actually thwart. Some of the biggest-name security products don't actually protect consumers from what they think they do. As a result, consumers end up purchasing products that they can only assume will protect them in a general sense, because the specifics are not fully explained. In other cases, consumers are forced to try to decipher slick marketing or techno-speak in order to identify whether a given product can function as a legitimate solution. Simply put, to help facilitate effective consumer choice, IT security companies should be as verbose about the situations in which their products can't protect as about those where they can.

Honest disclosure is a much higher hurdle, because it requires a record of the known threats that a given solution cannot effectively address. Consumers respect honesty so much that some companies actually gain customers in insecure times such as recalls, because of their ability to communicate their honesty and that they truly care about the consumer. Vendors need to be aware that honesty should come even before profits, especially when it involves such sensitive data as passwords, bank information and files. The required mandate is simple: be honest about what your product can and cannot do, and disclose the facts in a manner that can be understood by consumers.

We believe that the lack of truthful, honest and transparent disclosure is an enormous problem in the IT security industry, and vendors (present company included) need to take ownership of this problem and its expedient solution; cyber security is too important to all of us not to. We would further argue that this type of full and complete disclosure will not only create much more informed consumers, but also result in much more secure products!

Biography
Dave Lowenstein is CEO of Federated Networks.