The news about breaches and embedded malware is incessant. How is it that major supply chain software, for just one example, can be so badly compromised?
What can be done about it?
For the answer, watch this video:
The challenges we face with corrupted software, as well as other digital age challenges, resemble challenges that were solved in the physical world through the application of the strong personal accountability associated with professional licensing.
Think about accountability for things or services in the physical world: A professionally licensed, expertly qualified individual puts their reputation on the line by signing and taking legal responsibility for the integrity of something. Professional licensing has proven itself for centuries as a way to bring personal accountability to professional practice, from bridge designers to doctors to architects.
The Professional Licensing Initiative brings back individual accountability for claims and representations made in online spaces via its professional licensing program.
One of the reasons that professional licensing has been so effective in the physical world is that professional licensees tend to enjoy a very comfortable income from their services. The prospect of losing that income motivates professional licensees to practice with diligence. We’re using that same model to bring new levels of diligence to the digital world, by showing that paying professional licensees well is in every relying party’s best interest.
Most software products are digitally signed, meaning that you, the relying party, can verify that nothing has been altered – not a single bit – since it was signed.
That’s supposed to provide you assurance that the software is trustworthy. But a valid signature proves only one thing: whoever held the signing key signed exactly those bytes. So… who did the signing? Typically, signing PENs (private keys) are a departmental asset. So… the code is signed by… what, a department, a bunch of people, no one of whom bears direct accountability?
Is it any wonder that time and time again, criminals have managed to get their hands on those signing PENs? For the answer, consider some of the horrendous recent supply chain software breaches.
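To make the two points above concrete, here is a small added example (written for this page, not code from Osmio, PKIDR or any product): it signs a constructed stand-in for a release artifact with Ed25519, shows that flipping a single bit makes verification fail, and then shows why a shared departmental key gives no accountability: two different people signing the same bytes with the same key produce identical signatures, so the relying party cannot tell them apart. The artifact bytes and the names Alice and Bob are made up for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// sampleArtifact stands in for a released binary. Constructed for this
// example; it is not a real product.
var sampleArtifact = []byte("constructed sample: installer-1.2.3.bin contents")

// SignArtifact produces a detached Ed25519 signature over the artifact bytes.
func SignArtifact(priv ed25519.PrivateKey, artifact []byte) []byte {
	return ed25519.Sign(priv, artifact)
}

// VerifyArtifact reports whether sig is a valid signature over artifact under pub.
// A true result means only: the holder of the private key matching pub signed
// exactly these bytes. It says nothing about which person held that key.
func VerifyArtifact(pub ed25519.PublicKey, artifact, sig []byte) bool {
	return ed25519.Verify(pub, artifact, sig)
}

// FlipBit returns a copy of data with a single bit toggled; the input is untouched.
func FlipBit(data []byte, byteIdx int, bit uint) []byte {
	out := make([]byte, len(data))
	copy(out, data)
	out[byteIdx] ^= 1 << bit
	return out
}

// TamperDemo signs the sample artifact, verifies it, then flips one bit
// and verifies again. It returns (originalVerifies, tamperedVerifies).
func TamperDemo() (bool, bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	sig := SignArtifact(priv, sampleArtifact)
	original := VerifyArtifact(pub, sampleArtifact, sig)
	tampered := VerifyArtifact(pub, FlipBit(sampleArtifact, 12, 3), sig)
	return original, tampered
}

// SharedKeyDemo models a "departmental" signing key: two different people
// (or a thief who copied the key) sign the same release with the same private
// key. Ed25519 signatures are deterministic, so the two signatures are
// byte-for-byte identical and the relying party cannot tell who pressed the button.
func SharedKeyDemo() bool {
	_, deptKey, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	sigFromAlice := SignArtifact(deptKey, sampleArtifact)
	sigFromBob := SignArtifact(deptKey, sampleArtifact) // same key, different person
	return bytes.Equal(sigFromAlice, sigFromBob)
}

func main() {
	orig, tampered := TamperDemo()
	fmt.Printf("original artifact verifies: %v\n", orig)
	fmt.Printf("artifact with one bit flipped verifies: %v\n", tampered)
	fmt.Printf("two signers sharing one departmental key produce identical signatures: %v\n", SharedKeyDemo())
}
```

Run it with go run; the first check passes, the second fails, and the third prints true. The failure on a single flipped bit is the integrity guarantee the page describes; the identical signatures are the accountability gap it is pointing at, which no amount of signature checking on the relying party's side can close.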
To qualify, an applicant will need
The various professional licenses in Osmio are valid for different periods, as set by the responsible commissions.
As you may know from our other videos, a critical feature of the PKIDR infrastructure is Accountable Anonymity, which lets a credential holder prove that they are an identified, accountable party without disclosing who they are.
The professional license is bound to the licensee’s identity certificate, but unlike that certificate it does disclose the identity of the license holder. In that way it’s a special derivative of the holder’s identity certificate: the professional license digital certificate makes its holder’s identity quite public, putting their good name and reputation on the line.
You may be wondering why a professional license holder would accept liability for their digitally signed attestations. The answer is the same reason an architect takes professional responsibility for the habitability of a building: she gets paid well for accepting it. Licensed professionals are truly gatekeepers to the market, and the assurance they provide to both companies and their customers makes their services well worth the price.
And the relying party – you and I – can trust that attestation because the license itself is backed by the duly constituted public authority of Osmio.