You can't secure what you don't acknowledge.SM

Tuesday, August 26, 2008

Finally...someone gets their Web security policy right!

When most companies claim Web "security" they tout SSL like I mentioned here. I've had trouble figuring out why the buck stops there...maybe because they're being written by people in marketing??

Anyway, LinkedIn finally got it right. The security stipulation in their privacy policy goes beyond SSL:

In order to secure your personal information, access to your data on LinkedIn is password-protected, and sensitive data (such as credit card information) is protected by SSL encryption when it is exchanged between your web browser and our web site. To protect any data you store on our servers we also regularly audit our system for possible vulnerabilities and attacks and we use a tier-one secured-access data center. It is your responsibility to protect the security of your login information.

Why has no one else said this? Good for LinkedIn.

No comments:

Post a Comment