Trustmark featured by WSJ
We're happy that our Trustmark for IoT project is getting a lot of attention—despite it being very early days.
Just this week, we got two (and a half) mentions:
- Mozilla's Internet Health Report mentioned our research as part of an IoT spotlight. (The trustmark work is supported by Mozilla through a fellowship.)
- The Wall Street Journal's Jeff Stone interviewed me for the WSJ's Pro Cybersecurity newsletter (paywall): "IoT Security Push Includes New Mozilla-Funded Open Source Project"
- And Bruce Sterling tagged my presentation on his blog.
Here are some relevant passages from the WSJ interview:
If organizations and individuals are going to work to ensure the next generation of connected devices is manufactured with cybersecurity and user privacy in mind, they are going to have to work together. Teamwork and transparency are two of the guiding principles of a new open-source project that aims to communicate the data practices of Internet of Things device-makers in an understandable way. The “Trustmark for IoT” project is funded by the Mozilla Foundation, a non-profit organization that leads the Mozilla software project and helped develop the Firefox web browser. “Trustmark for IoT” is in the very early stages, but is meant to establish a standard way in which consumers assess the risk associated with a connected device based on five dimensions: privacy and data practices, transparency, security, openness and sustainability, said Peter Bihr, the Mozilla fellow leading the initiative.
“We’re going to choose the most open model possible because this standard is absolutely something that will need to be peer-reviewed and change over time,” Mr. Bihr said of his own fellowship.
This is an aspect we haven't talked about much until now: At this stage I'm coordinating this effort somewhat centrally, but the goal is for this to be as decentralized and open as possible. This includes sharing our findings, learnings and failings openly so others can learn from them; structuring the trustmark in a way that guarantees it to be free to use; and allowing for true peer review not just in the early stages but especially as the project matures.
We aim to make everything as open as possible, within reason: Having to move quickly means the approach will by necessity be a pragmatic one, and we'll have to work with that reality. That said, for every context we'll find the most appropriate way to open up what we draft here, from our presentations to documentation to research.
There are still lots and lots of questions, but we're also having ongoing conversations galore, and so far we've been seeing a lot of interest. We're just a step or two away from starting to formalize a little the way we can interface, especially with larger organizations.
Until then, we hope that we can put the media attention to good use. If you're a journalist and would like to discuss this, please get in touch.