Sunday 9 December 2012

Software Labels – Jeff’s OWASP AppSecDC 2010 presentation (another dropped good idea)

An old idea from Jeff Williams (which is spot on) is the need to apply Labels to Software and Web Applications.

The concept is simple, but its implementation is really hard because of the lack of quality standards/metrics in our industry.

Here is Jeff presenting his idea two years ago: Don't Judge a Website by its Icon - Read the Label!
This is a really important concept, and its complete lack of adoption (and traction) speaks volumes for our industry.
For example, how am I supposed to make informed decisions as a software/website user if I cannot be exposed to something like this:
Also related is the "Idea for OWASP Standard for public rating of an WebSite's security profile", which could also create these useful labels: