Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

InfoSec 2012: New online dashboard to monitor SSL quality

SSL Pulse to raise awareness and provide tools for website owners to improve their SSL implementations

Article comments

The Trustworthy Internet Movement, a non-profit initiative formed in February to help address ongoing security issues on the internet, has unveiled its first project – an online dashboard called SSL Pulse that monitors the quality of SSL support across websites.

Launched at Infosecurity Europe today, SSL Pulse is currently tracking just under 200,000 websites with valid certificates, representing the majority of SSL sites in the Alexa top one million list. Of those, only 50% get an A-grade and the rest could use improvement, according to TIM.

Anyone can use SSL Pulse to check whether a website has a secure SSL function and view a list of the best and worst performing sites.

Speaking at the event, Philippe Courtot, founder of TIM and chairman and CEO of Qualys – whose technology powers the platform – said the idea of Pulse is not to name and shame organisations which are not up to standard, but to raise awareness and provide tools for website owners to improve their SSL implementations.

“SSL promises security, but if not managed properly it gives users a false sense of security,” said Courtot. “If everybody knows, there are no excuses; anybody can see your grade and you can check any website on the planet in about a minute.”

According to current figures on Pulse, only 10% of all SSL-enabled websites are currently secure. Meanwhile, 40% support weak or insecure cipher codes, and only 8% have an Extended Validation certificate.

Ivan Ristic, director of engineering at Qualys, said the figures will be more meaningful once they have gained some historical context. However, he highlighted that 75% of sites are still vulnerable to the BEAST attack – which has been known about since 2004.

Courtot dismissed suggestions that the platform effectively provides a directory for hackers, claiming that hackers already have similar tools to crawl websites and detect vulnerabilities. He said that organisations with poor SSL support are “lucky that they haven’t already been compromised,” adding that Pulse would help them improve their security.

The issue of brand reputation was a little more hazy, although Courtot said there is a forum where organisations can submit problems.

Alongside the new platform, TIM announced has formed a taskforce of security experts to review SSL governance known issues and develop new proposals aimed at making SSL pervasive on the internet.

The taskforce includes PayPal CISO Michael Barrett, SSL creator Taher Elgamal, GlobalSign CTO Ryan Hurst, Google software engineer Adam Langley, Whisper Systems founder Moxie Marlinspike and Qualys’ Ivan Ristic.

“I talk to guys daily who are looking for a silver bullet, but the idea of a perfect security solution is foolish, there’s no such thing,” said Elgamal at the launch.

“The data that Pulse is going to provide to the industry is going to be very powerful, and give information to organisations on how to secure their infrastructure.”


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *