In Advertising Standards - Security Standards I mentioned how online marketing claims are subject to the UK Code of Non-Broadcast Advertising, Sales Promotion and Direct Marketing (CAP Code) from the Advertising Standards Authority (ASA).
Each month the ASA publishes a list of adjudications, and a recent one caught my eye. In the ASA Adjudication on UK2 Group a claim of "100% network uptime in 2011" was found to have breached CAP Code (Edition 12) rules 3.1 and 3.3 (Misleading advertising), 3.7 (Substantiation) and 3.11 (Exaggeration).
The complaint by a (consumer) customer was upheld since "UK2 had not provided any documentary evidence to demonstrate that their web hosting service achieved 100% uptime in 2011". UK2 had attempted to justify their uptime claim by saying that an individual server being offline did not affect the performance of the network. In this case, the customer's view of the service was the total package.
Whilst this does not specifically relate to application security, this appears to be quite similar to unsubstantiated claims such as "being secure" and "we protect your data". We do not know what the informally resolved cases relate to but it will probably only be a matter of time before we see challenges to application security claims for B2C services.
Posted on: 23 March 2012 at 07:47 hrs