None of us would want to be operated on by an unlicensed surgeon so why should we put trust in software applications written by unlicensed, uncertified programmers?
Apple have seemingly taken the high-road by requiring programmers to register as Apple developers (for a small-but-not-negligible fee) before they can deploy their code to a device (even if its just their own).
Intel are implementing a similar strategy citing it as an effort to move “from a known-bad model to a known-good model.” Hrm, could code certification be the reason why they recently acquired McAfee?
The problem with these schemes is that we’ve already seen eventually revoked) by malware authors, so it is not too much of a stretch of the imagination to foresee malware authors purchasing developer IDs to peddle their creations.
We at SophosLabs have long contemplated whether software should come with a Quality Certification or at least digital signatures, and the AppStore concept goes some of the way to achieving this, yet without actually examining the software’s source or binary, how can anyone guarantee the code to be not malicious?
Developer certification is unlikely to happen anytime soon so does that suggest that the security industry needs to become the arbiter of good vs. bad software?
So while some contemplate whether security is worth the effort, security vendors, software houses, and certification authorities are going about their business examining, certifying software with a view to a safe web experience.