Industry Leaders Band Together to Encourage Open Discussion about Security Products to Strengthen Cybersecurity Transparency and Innovation
Orca Security today announced the launch of TransparencyInCyber.org, a new initiative to elevate transparency and drive open discussion in the cybersecurity industry. Backed by industry leaders including BeyondTrust, Lucidum, IT Central Station, and Andy Ellis, the initiative shines a light on the 42 percent of cybersecurity companies that restrict their customers’ abilities to post reviews and benchmarks and challenges them to enable more open conversations about their products to support greater security for all.
With digital transformation rapidly accelerating across industries, the need for transparency is greater than ever. Cybersecurity is a critical anchor that keeps bad actors at bay and allows the world’s economies to flourish. Transparency in Cybersecurity’s mission is based on three core tenants to support this essential need:
- Unrestricted dissemination and sharing of product benchmarks and real-world experiences create a safer digital world
- Cybersecurity product companies need to incorporate openness, communication, and accountability into their business operations
- Transparency is the great equalizer and should be embraced by all in the industry
These tenants will guide the efforts of the initiative to provide open conversations around the capabilities and best use cases of cybersecurity products and how best to advance the industry in a beneficial way for consumers and businesses alike.
“The need for transparency in cybersecurity is long overdue. Organizations hiding behind legal limitations and not allowing customers and third parties to review their products are gatekeeping the truth of their capabilities,” said Avi Shua, founding member of Transparency in Cybersecurity and co-founder & CEO of Orca Security. “No cybersecurity company or product is perfect but security by obscurity doesn’t work. We need to ask more cybersecurity companies to support honesty, and accessibility of product information to improve security for all.”
Transparency by the Numbers
In conducting an independent survey of end-user license agreements (EULAs) from more than 200 private and public cybersecurity vendors, the initiative found that transparency is overwhelmingly lacking in some of the top companies’ agreements.
Key findings of the vendor scorecard research include:
- 42 percent of all cybersecurity firms restrict transparency
- 53 percent of public cybersecurity companies restrict transparency
- 61 percent of private cybersecurity companies do not restrict transparency
The high number of companies restricting third-party benchmarks and reviews in their EULAs may lead to marketing messages that favor vendors’ business objectives instead of product users.
While these findings pose a clear signal for needed industry change, Transparency in Cybersecurity commends companies such as Akamai, Axonius, BeyondTrust, Duo Security, Kaspersky Labs, KnowBe4, and others who were found to allow third-party organizations and consumers to conduct honest reviews and examinations of their solutions.
QUOTES FROM FOUNDING MEMBERS
“Without cybersecurity transparency, the solutions organizations rely on for security, operations, management, marketing, development, and daily operations can be leveraged by threat actors against your environment. Identifying risks within them is critical to securing your organization and without cybersecurity transparency, vendors can obfuscate flaws that leave you unable to quantify the risks they represent. Remediating risks is a top priority for security professionals and cybersecurity transparency ensures they are identified, rated, and ultimately tracked through closure.” – Morey Haber, CIO | CISO of BeyondTrust
“Cybersecurity users seek transparency in an industry which is, by definition, sensitive about disclosing information. We are proud to take part in this important initiative, as product reviews provide an authentic perspective that can only come from a real customer. Neutral, structured reviews and analysis are critical to the validation and feedback sought by cybersecurity users and buyers.” – Russell Rothstein, CEO of IT Central Station
“It’s important that security teams understand the capabilities of their security solutions. Not just what works, but where they might need to bring in additional capabilities to complement the boundaries of their existing defenses. Without vendor transparency, companies might be surprised unpleasantly one day.” – Andy Ellis, CSO Hall of Fame 2021
“Many times, restrictive clauses exist in EULA templates and vendors may not even be aware it’s in their agreement. This happened to Orca as well - we found out that some of our SaaS agreement variants had this clause (and of course we changed it immediately). We recommend talking to your vendor and asking them to remove this clause before assuming that they really stand behind this restriction.” – Avi Shua, Co-Founder and CEO of Orca Security
“Imagine a world where automotive manufacturers can legally prohibit safety reviews, pharmaceutical lab testing is barred by force of civil lawsuit, and the health claims of food additives cannot be publicly assessed. To our industry’s shame, that is the world of cybersecurity software. It’s anti-competitive, blinds the market, hurts the customer, and reduces the credibility of security software creators. It’s time to end the practice of gagging consumers and create a free and transparent industry. The result will only be better products, informed consumers, and a more secure industry. – Joel Fulton, PhD – CEO & Co-Founder of Lucidum
Transparency in Cybersecurity Resources:
- TransparencyInCyber.org website
- Orca Security Blog: The Cybersecurity Community Demands Transparency
For more such updates and perspectives around Digital Innovation, IoT, Data Infrastructure, AI & Cybsercurity, go to AI-Techpark.com.