When one of our clients recently threw out a challenge to their competitors in their industry to pick up their game in terms of not only security, but being more open about their security, it was the culmination to an engagement like no other we’ve ever been involved in. (http://www.instructure.com/blog/2012/01/24/some-secrets-hurt/)
First up, we’ve never had a client request a journalist be imbedded into a security testing exercise like this. This presented us with many things to think about.
While we were not totally against the concept, we did preach caution and somewhere along the way, we came to a middle ground with Instructure in terms of what would be published for all to see. You can read all about this; the history, driving forces, the approach and the results here: http://mfeldstein.com/analysis-of-instructure-security-testing/
The Internet has seen quite a bit written about this project and for most part, the reactions to Instructure’s approach have been positive. We’ve seen nothing to suggest that this has just been purely a marketing exercise on Instructure’s part and we do expect they’ll continue to practice what they are now preaching.
This leads me to the question; can “security” work as a competitive advantage for businesses – leading to increased market share? Many expect the answer to be “yes”, but is it really?
I welcome your comments on this topic - it would be good to have a discussion here about it.
In the meantime, we’re watching with great interest to see if our client will reap the benefits of their openness. Stay tuned.