Outcome based Security - First Steps

“the only two products not covered by product liability are religion and software, and software shall not escape much longer.” Dan Geer (CISO, In-Q-Tel)

A game-changing statement from WhiteHat Security, announcing a total refund along with up to $250,000 in cover, may prove to be a paradigm shift in how business gets done in the security domain.

"Now, not only will Sentinel Elite customers receive a full refund in the event that their site is breached as a result of a vulnerability that we should have discovered but missed, we will also cover up to $250,000 in damages to the affected company."

Concepts such as Software Liability, Outcome based Security and Shared Risk Models have been talked about in the past, but the security industry had shied away from walking the talk. With the first tentative steps taken by WhiteHat Security, will we see customers demanding more from other security vendors?


There is 1 Comment

I am curious to know how their disclaimer would be interpreted by courts/other arbitration agencies, i.e. "site is breached as a result of a vulnerability that we should have discovered but missed".
So a marketing gimmick or a new wave of assurance for "Result Based Security"? Possibly time (till the first lawsuit) will tell.