Peiter Zatko had left Google to respond to a request by the White House that he develop a cyber UL, a concept described in a paper published in 1999 by Tan from the L0pht. The paper reads in part:
“Just as in the late 1800’s, the consumers have little understanding of the inventions they are purchasing. They are presented with claims by the product’s marketers and have no way of proving those claims to be true or false. Just as it was back then, this has not stopped the large-scale application of these inventions, regardless of public safety. In the late 1900’s, nobody has stepped up to the plate to expand the UL’s role into computer security products or to take that role as their own. To some extent, groups like Nomad Mobile Research Center and L0pht Heavy Industries have acted as modern day Merrill’s, publishing non-biased findings to this effect.…
Product certification needs to be performed on every version of a product. Small changes that could ripple through traditional technologies causing safety problems are at least ten fold when applied to computer software. Many similarities may be drawn between the certification of computer security products and the listing of alarm systems and components that UL performs today.”
I think this is a great idea. I also think they have made a start by getting the right people to work on the project. Let’s hope major security solutions vendors sign up. If this is just something pushed by the government, it’s likely to die, no matter how potentially effective it might be.