I have been a member of a malware working group at the IEEE of which almost ALL security vendors participate. I've therefore been in a position to create and propose this new Forum:
http://falsepositivereport.com . This is only hours old, but one security vendor has agreed to take part. As the others wake, we'll see who will voluntarily take part in it. As long as Software Vendors take part, security vendors will eventually be forced to take part in order to respond.
OFFICIAL SITE:
http://falsepositivereport.com I would like to congratulate Microsoft as the one company who takes the conservative approach, making their false positive rate the lowest in the industry. Kudos to them. All security companies should act that way! Causing collateral damage to innocent businesses/families is simply unacceptable. It will sometimes accidentally occur, but clearly not enough is being done to prevent this problem, as it has only gotten worse.
---------------------------------
Accountability. Transparency. Communication. Prevention.Helping to prevent false positives and mis-rating of web sites, instead of merely retroactively addressing themThis is a new effort to help slow (and expose) the plague of false positives and mis-rated web sites that are destroying hundreds or thousands of small businesses every year. Some security companies do better than others, but never before has there been a place where false positives and mis-rated sites can be publicly reported. The security companies can then respond, fix the issue, then determine why it happened and work with the vendor to avoid it in the future. After all, once a false positive happens, the damage is already done. Some security companies will not even respond to reports of false positives and mis-rated sites, much less work to avoid them in the future. Other companies DO act much more responsibly.
This is NOT about crucifying security companies. They do have a terribly hard job. Still, many of them can and should do better. This site is about showing which companies are doing the best to avoid collateral damage. It is also intended to facilitate the mitigation of collateral damage when it occurs, and, through communication, help prevent collateral damage (FPs) from recurring. For instance, why did the FP or misrating occur? What can be done to avoid it in the future?
Ironically, malware authors are hardly affected by these aggressive tactics. After all, if these tactics really worked, why would there be so many malware infestations?
Also remember, public transparency and accountability will let consumers know which security companies care about the collateral damage they inflict. Is this not important in your purchasing decision? If not, it should be
. By choosing carefully with whom you spend your money, YOU can force companies to start behaving ethically.
As always, the power is in the hands of the consumer. Choose carefully who you spend your money with and you can force these corporations to act ethically and responsibly.
At this site you can:1. Report false positives and mis-rated sites in REAL TIME to a CENTRAL LOCATION. At this central location, companies will know where to find false positives and mis-rated sites, if they care to look.
2. You can then see which companies care to fix these issues, and how fast. You can also see which companies are interested in AVOIDING them in the future.
3. Communicate with security companies to fix these issues, and help avoid these problems from recurring.
4. Provide historical stories about damage inflicted to your innocent business and/or family.
5. Communicate with other software vendors with similar concerns and troubles.
http://falsepositivereport.com
Show Posts
