Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Submission + - An Equifax For Security Risk? ( 1

chicksdaddy writes: A Boston-area startup, BitSight, has announced what they say is the first objective security risk rating system that can be used to determine how (relatively) hackable your company is.

BitSight wants to serve the same role with security risk as the “Big Three” credit rating agencies (Standard & Poor’s, Moody’s, and Fitch Group) or consumer rating firms like Experian and TransUnion, which evaluate the credit worthiness of individuals. (BitSight even appears to use the same 800-point scale favored by Experian, TransUnion and the other credit rating agencies).

The company recently secured a $24 million Series A funding round ( after emerging from NSF-sponsored research by co-founders Stephen Boyer and Nagarjuna Venna. (

BitSight Partner SecurityRating, announced on Tuesday, is a cloud based service that offers realtime ratings of organizations’ security risk based on what it calls “externally visible network behavior." In the consumer credit space, that might be new lines of credit, or a late payment to an existing lender. In security risk, it could be the presence of stolen data on a cyber criminal group’s “drop site” – a likely indicator of compromise. Systems attached to corporate domains that participate in a botnet or distributed denial of service attack (DDoS) could also bring an organization’s risk rating down.

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

An Equifax For Security Risk?

Comments Filter:
  • How long before they act like the BBB and start charging for a better rating?

    It might be cool if government departments were also included in the ratings. Especially after ObamaCare healthcare exchanges go online. Let's see how safe our medical records are.

    It would also be nice to know who is and is not running PFS.

Logic is a pretty flower that smells bad.