Imagine bad technology is junk-food. Wouldn’t it be nice if you could pick a piece of technology off the self, flip it over to read the label, and see if it was good for you? Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity” does just that! It tasks NIST with creating pilot programs for cybersecurity labeling of software that attests to baseline cybersecurity practices. A draft version is available, check it out.
“Software is an integral part of life for the modern consumer. Nevertheless, most consumers take for granted and are unaware of the software upon which many products and services rely. From the consumer’s perspective, the very notion of what constitutes software may well be unclear. While enabling many benefits to consumers, that software – that is, software normally used for personal, family, or household purposes – also is subject to cybersecurity flaws or vulnerabilities which can directly affect safety, property, and productivity.”– NIST DRAFT Baseline Criteria for Consumer Software Cybersecurity Labeling