17 Feb 2009
Security expert Bruce Schneier has described a money-back guarantee by encryption vendor BitArmor as "nothing more than a PR gimmick".
BitArmor announced a 'No-Breach Guarantee' on its DataControl encryption package in January. Users buying a three-year contract with Platinum-level support, who applied updates within 90 days of their release and still suffered a data breach, could claim their money back from the company.
However, an examination of the fine print revealed that the user would have to publicly acknowledge the data breach, the refund would cover only the package itself, and the payout would be pro-rated against the length of the contract.
Schneier commented on the offer in his monthly Crypto-gram newsletter as he had been referenced by the company as a supporter of such an idea. He was less than pleased with this.
"Bottom line: PR gimmick, nothing more. Yes, I think software vendors need to accept liability for their products, and that we won't see real improvements in security until then," he wrote.
"But it has to be real liability, not this sort of token liability. And it won't happen without the insurance companies; that's the industry that knows how to buy and sell liability."
Manu Namboodiri, vice president of marketing at BitArmor, has defended the plan. "I think it is bad form for Bruce to ask for more responsibility from vendors and, when one does take on some responsibility, put them down heavily," he said.
"You say software vendors should take on real responsibility, but in the next statement you tell them to effectively become insurance companies. There obviously is a PR element to this, but without product capability to back it up, no company can do this.
"It would have been nice of you to have at least acknowledged that possibility, and asked insurance companies to step up instead of 'pooh-poohing' the whole thing."
Not just a good idea....
Going public about a breach is the law in most states. For Schneier to make that a sticking point is just silly. He knows the current state of breach notification laws very well.
Posted by: EY 18 Feb 2009
hope no one notices
"going public about a breach is the law in most states. For Schneier to make that a sticking point is just silly. He knows the current state of breach notification laws very well." If you think every company discloses, you're living in your own little world. They only really disclose when someone else finds out about it. Otherwise, companies largely absorb and stay hush about incidents. Just like we're taught as kids when we do something bad or break something: hope no one notices.
Posted by: MK 18 Feb 2009