<<Print>>

Companies that do not do enough to keep their websites secure are to be named and shamed to help improve security. The list of good and bad sites will be published regularly by the non-profit Trustworthy Internet Movement (TIM). A survey carried out to launch the group found that more than 52% of sites tested were using versions of security protocols known to be compromised. The group will test websites to see how well they have implemented basic security software. Security fundamentals The group has been set up by security experts and entrepreneurs frustrated by the slow pace of improvements in online safety. "We want to stimulate some initiatives and get something done," said TIM's founder Philippe Courtot, serial entrepreneur and chief executive of security firm Qualys. He has bankrolled the group with his own money. TIM has initially focused on a widely used technology known as the Secure Sockets Layer (SSL). Experts recruited to help with the initiative include SSL's inventor Dr Taher Elgamal; "white hat" hacker Moxie Marlinspike who has written extensively about attacking the protocol; and Michael Barrett, chief security officer at Paypal. Many websites use SSL to encrypt communications between them and their users. It is used to protect credit card numbers and other valuable data as it travels across the web. "SSL is one of the fundamental parts of the internet," said Mr Courtot. "It's what makes it trustworthy and right now it's not as secure as you think."