Judy was kind enough to try and get an answer to concrete questions I posed in my last reply (via comment). At this point, I think there is still some marketing "fluff" to cut through, so I will persist onward to try and get the answers I think you, the readers (and me) want.
UPDATE March 27th, 1:00pm CDT
I got another reply from Judy (see comments section) and she continues to address, some of my concerns from the original and subsequent posts. I have replied with my own comment to hers, this time in the comment section and not a new blog entry. Please take a read, her reply is worth the time it takes to read, and I hope mine is as well. Thanks!
After a very lengthy and rather well-written response from the folks over at Comodo (as you'll see in the comment to Update 1), I thought it through and have a response - which I would continue to welcome open debate on.
I understand that the Comodo brand and "HackerProof" program is all about creating trust. I've gather that from marketing material, and your rather lengthy explanation of your business model. I get it. What concerns me here is that there is still a rather gaping hole where an explanation of the "security services" should be. Let me address the 3 points that you brought up:
- "The Hacker-Proof seal confirms the site is safe from vulnerabilities that hackers can exploit" - I have yet to have someone or some piece of marketing literature explain this to me. I understand how verifying identity of a company, auditing its books, etc makes them more trustworthy - yes I understand that clearly - in fact, I wish ChoicePoint would have done that... but I digress. Please explain to me the how of this point. Enough marketing already, let's get to the meat of the product offering. Do you use scanners, ex-hackers, a combination of the two, some home-grown tools... what?
- b? (just picking on you now...) "The identity of the business has been authenticated and verified" - This service is very much needed, and should be a well-regarded piece of your business that I would actually pay for, as a customer. I, an avid online shopper, would actually pay a premium on goods (as much as 5% maybe?) to know for certain that some [trustworthy] 3rd party has verified that the company I'm sending my credit card information to, and buying goods/services from is legit. I applaud this piece of your business and I think, if well executed, this is a worthy service to the Internet.
- "that the site is worthy of a seal issued by a brand that over 100 people associate with security" - I'm not sure where you're going with this one, so I'm just going to leave it be. I understand you sell desktop protection tools - in fact, that's how I came across your site! I've yet to find your products (although this should not be entirely attributed to your company's lack of recognition) available or reviewed on a "well-known" publication, review, etc. Again, this may just mean I've not read enough, or haven't looked hard enough.
Let's clear it up. I think you, Comodo, needs to do one of 2 things here:
- Demonstrate and make more transparent your "ability to confirm a site is safe from vulnerabilities that hackers can exploit" - how do you do this? I'm not asking for the secret sauce - just give me enough to make me sleep better
- Change your seal to quit mis-leading people.