Back in early 2000, Kevin Finisterre and I were talking about HackerSafe and the risks that it posed to its customers. Primarly, if hackers monitor all HackerSafe websites they will know when to attack a site based on the presence of the HackerSafe logo. Another issue that we have with HackerSafe like services is that we feel that people are getting a false sense of security. Automated tools like the ones used by HackerSafe (scanalert) do not identify the security holes that most hackers use to break into networks, instead they only identify the known issues.
Don’t get us wrong, there is value in the services that are being offered by ScanAlert. Their services help businesses keep up to date with patches and prevent businesses from missing the obvious and low hanging fruit. For that very reason services like HackerSafe have a very good ROI. Just don’t feel 100% because you’ve got the logo, you’re never 100%. Here’s an article where our CTO commented on the recent HackerSafe pwnage.