So what you're talking about is covered by both regulatory compliance (like PCI, or HIPAA), and third-party services (like ICSA and those "hacker proof" logos).<p>The first are an imperfect implementation of a gameable standard which some argue is better than not having anything at all (and others argue makes things worse).<p>The second are at best of limited usefulness (as the half-life of any type of "hacker proof certificate" is incredibly short), or at worst snake oil.<p>While far from a solved problem, the current best practice methodology of implementing an SDLC program, increasing developer awareness, and both internal testing of applications as well as independent third-party security review before letting an application go live really does solve 99% of these issues.<p>Dramatically increasing the overall security posture of the internet at large doesn't require a "cure for cancer"-type breakthrough. It just requires adopting a programatic approach to application development and deployment that is presently not the standard.<p>[edit]: Saw the the submitter was the actual author of the blog, so changed the "he's" to "you're"