Saturday 1 April 2017

Announcing Uncommon Criteria

While there is a desperate need for creative ideas or inventions in the general area of information risk and security controls, specifically for defensive purposes, the implementation phase of innovation is also in need of creativity and care.

Information security products (both goods and services) that are inherently insecure are not uncommon, unfortunately. Aside from simple bugs, implementation issues, incompetence and ineptitude, we occasionally see evidence of fundamental security flaws in the designs, while rumours of backdoors being deliberately inserted by the authorities persist (partly a reflection of justifiable distrust in Big Brother). 

Given the trusted nature of their products, organizations that produce security products are natural targets for social engineering, insider threats and subterfuge ... so we also need innovation in the area of security assessment and certification of security products, as well as in the various internal security controls of the organizations that build them.

In government and military circles, schemes such as Common Criteria improve product assurance but are unbelievably costly. A more affordable version of CC for the general commercial and personal markets would be cool ... so today I am delighted to announce UC (Uncommon Criteria), a brand new cut-price assessment scheme for security innovations. 

Simply send me your idea to evaluate, along with US$10 via PayPal. I'll take a quick look at your suggestion and let you know what I think of it. 

To keep costs down, and in light of my IT audit expertise, I'll respond with a simple numeric code as follows:
  1. Already in production
  2. Already on the market
  3. Already broken
  4. Already withdrawn as a dead loss
  5. Already superseded
  6. Been there done that
  7. Been tried a million times already
  8. Bends the rules
  9. Breaks the law
  10. Breaks the laws of physics
  11. Commercially-challenged
  12. Clumsy
  13. Crude
  14. Costly
  15. Cheesy
  16. Details missing
  17. Details excessive
  18. Details hid the devil
  19. Ethically-challenged
  20. Environmentally unsound
  21. Fantastic, call me, let's talk!
  22. Flammable
  23. Go find another hobby
  24. Grrrrr
  25. Hackers' delight
  26. Have you checked the patent databases?
  27. Impractical
  28. Impracticable
  29. Inflammable
  30. Inherently flawed
  31. Inherently insecure
  32. Intellectually-challenged
  33. Interesting, special even
  34. Joking, right?
  35. JAiT (Just Another insecure Thing)
  36. Killer idea, literally: step away from the keyboard
  37. Lewd
  38. Likely to plummet like a lead brick
  39. Makes no sense
  40. Makes me wonder what you are on
  41. Makes Bill Gates look like a security evangelist
  42. Life, the universe and EVERYTHiNG
  43. Needs more work
  44. Need more coffee
  45. Not new: have you even Googled it yet?
  46. Now I know this, you'll probably have to shoot me
  47. Now you know I know, I know
  48. Over-simplified
  49. Overly-complex
  50. Over-ambitious
  51. Perturbing
  52. Practically infeasible
  53. Risky as a Chinese bungy cord (the jump off a cliff kind)
  54. Shows promise
  55. Shows signs of having been backdoored (painful!)
  56. Shows total disregard for the field
  57. Terrible
  58. Terrifying
  59. Terminal
  60. Trust me, this is the rottenest thing since Edward the Rotter of Rotterdam
  61. Trust me I'm a doctor
  62. Trust me I'm an infosec pro
  63. Trust me, just trust me OK?
  64. Unattractive
  65. Unable to evaluate
  66. Unwilling to evaluate
  67. Unbelievable
  68. Unbelievably naive
  69. Unethical
  70. Unimaginable
  71. Unimpressed
  72. Unconscionable
  73. Unlikely to be fundable
  74. Unworkable
  75. Very very very over-blown: are you in marketing?
  76. Won't fly
  77. Wouldn't even glide
  78. Worst thing since sliced bread
  79. X marks the spot
  80. You should be ashamed, ashamed I say
  81. Zero points, computer says "no"
