The letter -- which is brief -- highlights three steps that Sophos's technology consultants and security analysts think Facebook should take to better protect its users and improve overall security.
Through its Naked Security blog, Sophos frequently tracks various phishing scams and clickjacking attacks that appear on Facebook with growing frequency.
When it comes to security, Facebook's servers and login system have a solid track record of keeping its systems clean and breaches to a minimum. Instead, the real security threats are from phishing scams and rogue Facebook apps.
To combat some of these issues Sophos's Graham Cluley says that Facebook should consider adopting the following policies:
Make privacy the default, rather than the opt-in.
App developers and apps should be vetted and approved before being published to the platform.
HTTPS should be used for everything and be on by default.
We think these suggestions make a lot of sense -- especially the call for privacy defaults and HTTPS for everything. Although we wholeheartedly agree that there should be significantly more oversight added to the application approval process, the sheer number of registered Facebook developers and Facebook apps makes implementing a stricter approval process more difficult.