Could Third Party Certification Authorities Play a Role in API Security?

This is ninth part of ProgrammableWeb’s series on Understanding the Realities of API Security. It is based on the testimony offered by ProgrammableWeb’s editor-in-chief David Berlind to the ONC’s API Security and Privacy Task Force.  In the previous part -- Part 8 -- Berlind answers the following question posed by the ONC:  How Can API Risks and Vulnerabilities Be Mitigated?

To me this question is, how do you instill confidence in consumers that their applications are safe to use. It is this very question that I asked myself and that provoked me to consider the idea of a Good Housekeeping seal of approval and all the elements that would make such a program successful. They are too long and detailed to enumerate here but I would be happy to go into more depth at the future request of the task force.

In terms of example of existing authorities that could be leveraged, I don’t think there are third party certifying authorities that can be leveraged. But there are examples to learn from and I think TrustE, NIST’s Green Button, and the PCI Data Security Council are three of those. In fact, ProgrammableWeb recently endured a TrustE audit and, as a result, we had to make several adjustments to the way our Web site’s user experience works.

In the next and final part, the conclusion of ProgrammableWeb’s series on Understanding the Realities of API Security, ProgrammableWeb editor in chief David Berlind shares a version of his written testimony that was condensed to a 5 minute version for his oral presentation to the ONC’s API Security and Privacy Task Force.

David Berlind is the editor-in-chief of ProgrammableWeb.com. You can reach him at david.berlind@programmableweb.com. Connect to David on Twitter at @dberlind or on LinkedIn, put him in a Google+ circle, or friend him on Facebook.
 

Comments