Manager

  • Published : May 13, 2013
ICSA Labs Product Assurance Report
A study conducted by the Verizon RISK Team

Table of Contents
Introduction
Methodology
  • Testing and Certification
  • Data Collection
Looking Back: 20 Years in the Security Industry
Product Testing Results
  • Frequency of Criteria Violations
  • Common Types of Violations
  • Factors Contributing to Violations
Conclusions and Recommendations
  • Recommendations to Vendors
  • Recommendations to Users

Authors
  • Wade Baker
  • Charles D Hylender
  • George Japak

Contributors
  • Peter Tippett, MD, Ph.D.
  • Dave Archer
  • Kevin Brown
  • David DeSanto
  • Sam Glesner
  • Darren Hartmen
  • Andy Hayter
  • David Koconis
  • Jon McCown
  • Brian Monkman
  • Thang Phan
  • Leo Pluswick
  • Al Potter
  • Guy Snyder
  • Jack Walsh
  • Greg Wasson

Introduction
Are the security products your organization depends upon every day reliable? Do they consistently meet expectations and live up to their billing? Chances are they do not. This experience has resulted in the not-so-tongue-in-cheek postulation that new security products are created to compensate for the shortcomings and side effects of the existing ones. That’s not to say there is never a legitimate need for new security solutions; new business models, new technologies, new threats, and new levels of global interconnectedness require us to continually adapt the products and practices we employ to protect information assets.

Unfortunately, the market’s solutions to all this newness are not always as legitimate as the need. Product quality is often left behind in the rush to be latest and greatest. New is distorted with innovative, bigger touted as better, and promises frequently exceed performance. Thus, the work of helping to distinguish fact from fiction is critical.

In response to this challenge, ICSA Labs formed in 1989 with the goal of providing credible, independent, third-party assurance for computer and network security products. Since then, ICSA Labs has worked with hundreds of the world’s top developers and industry experts to create and apply objective testing criteria for measuring product performance and reliability. We believe we have contributed to the improvement and maturity of the industry over the last two decades by facilitating collaboration, fostering accountability, and increasing user confidence.

Two decades of certification testing has afforded ICSA Labs a great deal of experience and knowledge about common weaknesses in security products. Testing products before they hit the shelves provides insight into what is prone to happen once they leave them. We’ve learned what improves reliability and what tends to detract from it. We’ve seen firsthand how often problems occur, what types occur most often, and why they occur. We’ve also seen how vendors respond to these issues and how their actions can affect consumers for better or for worse.

This report is an effort to distill observations from the ICSA testing labs along with others from the security product industry over the last 20 years. It is the first step in a larger agenda at ICSA Labs to expand information sharing and collaboration with the security community. Future work will provide additional product-specific findings as well as more detailed analysis. We hope readers find these efforts helpful in their mission to protect information assets and useful to...