the company plans to release a toolbar for major browsers that will check visited Web sites for obvious security issues. The add-on software will check for twenty signs — such as the version numbers of the Web server and the content management system — to make sure that the site has no obvious flaws.

As I said, it seems like a good idea. It’s non-invasive, and it alerts users (even non security savvy ones) that a site may be insecure. Ultimately it provides a very real and direct consequence of lax security to e-commerce sites – be secure or you may scare off customers. (And we all know that fear of affecting the bottom line is often the only thing that makes corporate entities act in favor of security). The problem is that without being invasive (think SQL injection), you can’t really tell if a site is secure. I’m afraid that this is going to turn into another one of those McAfee hackersafe style logos – just a green light that makes you feel safe without actually doing anything.