Opinion: Do we need Security specs for products?

Are your devices secure? How do you know?

I sat and thought about how we, as customers, can feel safer when we buy connected products. We all know the importance of security, but do we know how secure our products are? Do the companies that sell the products ever tell us about what security measures they take? No, and no.

I think that we need to require from companies several ways that show us how their products are secured. Yes, if we are talking all day about how much we want to be secure in a world of online hacking. Even cute teddy bears are not safe enough (Cloudpets).

Today we only know the mainstream specs of products. We know the processor or the pixels or the version of Bluetooth but we don’t know how secure is it.

First, on every box, we have to see the type of security is built into the connected product, for example “BlackBerry Secure.” Then, we will know which type of security have, BlackBerry security in this example. In every product specs the manufacturer must release the security type, like Powered by BlackBerry secure QNX or BlackBerry secure servers and what version the security package holds.

I will add even security updates from the company as commitment to the specific product. If we want to be secure and not just to feel secure, companies must realize that they must add the security type in the product. Today, we heard that WD Mycloud are exploited by attacks, and I guess most of us thought it was a secure service. But it won’t be until the company fixes it, that it truly will be secure.

If you know the security level of the product that you want, you will be able to better choose the products you buy.

security, opinion

Roy Shpitalnik

lived the life of a BlackBerry since 2009 so I was first exposed to 8900. With Israeli cellular world history, training and knowledge for more on BlackBerry, I decided to join the community. When the Media bash BlackBerry on regular basis i decided to Join BerryIL.COM. The true must be published. Contact me on Twitter : @SimpleBerryRoy

  • Mike Robinson

    I suspect that a certain amount of legislation will be required at some point: perhaps something like the European CE mark but for security design and implementation. However, it’s never going to be as critical as, for example, air bags and bumpers in cars. Anything which slows down the release of a product to market will be unwelcome, until companies are forced out of business for poor security. In the USA, the Federal Trade Commission has filed a lawsuit against D-Link for poor security implementation, but this is unusual: most companies can get away with a lack of thought or care for security. Steve Gibson (grc.com) recently mentioned on his Security Now podcast (episode 597) that he thought security design should be the combined responsibility of every member of the product design team, BUT there should also be someone for whom security was their sole concern.

Top