#infosec people, help me out here.

There was an idea where you'd select people you trust for a certain domain, and then check to see if they reviewed #software and attested that it is "good" in some way.

For example, maybe you trust me to verify #security, but someone else to speak to the #performance, and maybe a third person of #usability or something.

This is something I've heard at lobbycons all over the place, but never seen it formally presented, or implemented.

Does anyone know if progress has been made on this concept? Has it been tried and failed? Am I the only one who remembers people talking about this at the hotel bars?