There are a number of reasons why I have never recommended making use of services such as ScanAlert for certifying any of my own organisation's hundreds of websites, but they all really boil down to one thing. I think they are a complete waste of money and recent news only serves to back up my opinion.
The ScanAlert website brags:
"When you display the HACKER SAFE certification mark, you not only increase sales by increasing shopper confidence, you build your brand with the security seal seen on more top sites than any other."
You can’t really deny any of the claims made in that statement. Yes, you might increase confidence and yes, you are displaying a security seal seen on many other websites, but that is not to say it is secure, because as you, I, and every hacker worth his salt know, there is no automated scanning service in existence that can beat even a half-decent hacker.
I’ve spoken at length on this blog, in various journals, magazines and conferences on the same subject but there remains something about automated scanning that makes organisations believe that they are covered. It’s really the same as taking out life insurance cover while failing to tell the insurer about a history of heart disease. The policy is never going to pay out – it’s false hope.
The Hacker-Safe mark is a futile effort to secure websites. I’ll stand by my opinion. Lastly, even if I could get assurance that my website is secure, I’d never be so bold as to display a big rubber stamp that says so. Talk about a red rag to a bull.