Can the Internet Be Made Trustworthy?
The year 2011 was full of data breaches -- and 2012 may well be even worse, according to Qualys CEO Philippe Courtot.
Courtot delivered a keynote address at the RSA security conference in San Francisco on Wednesday, outlining his views on the need for a more effective approach to security. He also officially launched a new movement to help bring more trust to the Internet.
"The biggest challenge is the trustworthiness of the Internet itself," Courtot said.
The issue of trust comes down to multiple factors that Qualys has helped to quantify. One issue highlighted by Courtot is the problem with SSL trust. SSL is widely used to secure transactions across the Internet. A Qualys study that is currently underway has already scanned 1.4 million websites and has found some surprising risks: According to Qualys, 54 percent of the sites scanned so far are still using SSL 2.0 -- a security protocol that Courtot noted was broken in 1995, a full 17 years ago.
Upgrading servers to take advantage of newer security protocols is relatively easy, according to Courtot. The more difficult problem to solve is the issue of SSL governance. Currently there are approximately 650 SSL Certificate Authorities that lack adequate governance and oversight. The issue of Certificate Authority security came to light last year with the breach of Certificate Authority DigiNotar, which resulted in invalid SSL certificates being issued and used.
There are currently multiple efforts in progress to address the issue of trust with SSL Certificate Authorities -- including security researcher Moxie Marlinspike's Convergence and the IETF DANE (DNS-based Authentication of Named Entities) proposal.
"The bottom line is we have to do something, it touches the very trust of the Internet," Courtot said.