Trustworthy Internet Movement creates SSL taskforce

Trustworthy Internet Movement creates SSL taskforce

The recently formed Trustworthy Internet Movement announced it has chosen SSL governance and implementation as its first project. The organization has formed a task force to review SSL governance, and make SSL more pervasive across the internet.

TIM's new task force is composed of a number of industry experts, including: Michael Barrett, chief information security officer at PayPal; Ivan Ristic, director of engineering at Qualys and creator of SSL Labs; and Adam Langley, staff software engineer for Google.

"Making SSL pervasive on the internet is a must in order for the web to become a safer place," said Philippe Courtot, founder of TIM and chairman and CEO of Qualys. "Solving the implementation and governance problem can be achieved through industry collaboration and better auditing tools that give us visibility into the root causes of these issues and how to fix them."

TIM also launched SSL Pulse, a new index that tracks the progress of SSL implementation. The index monitors SSL support across the top 1 million websites. Of the 198,216 websites SSL pulse currently tracks, only 99,903 have received an A grade. Companies can go to the SSL pulse page to find their SSL implementation scores.

SSL Pulse provides valuable information to business leaders on the security of their websites, but that information is also available to consumers. It's easy for consumers to use SSL Pulse to gather security information on any website, and, with the growing value consumers are placing on trust, businesses may benefit from implementing tools like VeriSign SSL certificates and ensuring their websites are not vulnerable to common security risks.

As part of an effort to reduce the number of vulnerabilities, TIM has published a SSL/TLS Deployment Best Practices guide to help network administrators and programmers deploy SSL correctly. One of the steps from the guide advises businesses to get their certificates from a reliable certificate authority that meets the demands of the business. For example, businesses that need a large number of certificates should choose an authority that offers a good management user interface.