Would you purchase an OTC medication that has no expiration date? What about a cereal box without a list of ingredients? What if it claimed to be “gluten-free” on top?
Consumers have come a long way (over a century) to put their trust in the accurate representation of ingredients and associated risks with any food or drug product. In the United States, this trust is built on disclosure requirements set and enforced by FDA. These disclosures help the consumer make informed decisions and keep the producer accountable for their choices. Its success can be seen in grocery isles with parents of nut-allergic kids starting at the back of the packaging.
Today, the largest six companies by market capitalization sell software and hardware to consumers and organizations without meaningful software disclosures. This, in turn, allows the unchecked proliferation of insecure, unpatched, and nefarious software components and affects everything from personal information leaks to national security.
The continued practice of keeping software closed puts the consumer and purchaser in an awkward position to guess the security and compliance risks associated with the product. It fundamentally requires leaning on the judgment of the producers to manage the risk.
We — at Interlynk — believe software disclosure should be easy, obvious, and automated. Software with security and compliance disclosures will lead to informed consumers and operators and, in turn, will create an ecosystem that is more resilient to cyberattacks and requires increased accountability for the software producers.
We can’t wait to bring the capability of the proverbial FDA label to the software and devices.
