Are you helping or hurting your website?

by Anne Email

I continue to notice "security certified" images that state that a site has been tested to ensure that the website is secure from hackers.

This bothers me for several reasons:

  1. These "security certified" images only pertain to a specific type of security.
  2. These images create a false sense of security, literally, for both the customer and the website owner.
  3. It seems to me that if you place something like this on your website, you are challenging hackers to try to hack your site.

Specific vendor companies have created these icons to show or prove that the website has been tested for security. This is meant to make a website's owners and/or the website's customers feel safe against a security breach.

But is it the wisest course of action to place an image with words such as 'hacker proof' on any website?

Follow up:

Ideally, this makes your customers feel safer. It is good for them to know that you have measures in place to ensure security through CIA (Confidentiality, Integrity, and Accessibility). But at what point do you draw the line?

Working for an IT security company, I expect that there will be individuals who think it is humorous to attack us. We expect it. Understanding how attacks work and how hackers think is the business we are in.

So what is really being secured? More importantly, what is not being secured from these point solutions?

After researching one such image, the fine print states that it is testing for web server vulnerabilities. Another image states 'Secured by'... These, 9 times out of 10, refer to SSL (Secure Sockets Layer) encryption.

SSL encryption prevents someone from stealing or intercepting data while it is being transferred between the customer and the server.

Neither of these solutions will secure your web applications. Code reviews and network vulnerability testing are among the steps that should be taken when securing a web application.

In the past, potential customers have asked if Changescape and IBM Rational have anything of this ilk with our web application security measures.

Our answer is no.

In my humble opinion, if you place one of these icons on your website you're placing a bull's eye on your back for any hacker or script kiddie to challenge.

If a security breach does occur, your company is ultimately the party responsible. Will having such an image create more issues after a breach?

Here are a few suggestions for what you could do:

  • Send an e-mail, mailer, press release, etc. to your customers with the detailed information for how the website is secured.
  • Talk to your potential customers about your security measures.
  • Include it in a customer proposal.

Overall, my philosophy on this matter can be summed up in one famous and eloquent quote: "Speak Softly and Carry a Big Stick".
