art22gg
Premium Member
join:2005-02-16
Courtenay, BC
kudos:6

Holding Security Account Vendors Accountable

From this link...»bits.blogs.nytimes.com/2 ··· le/?_r=0

Quote..."SAN FRANCISCO — Make no mistake: It’s a shot across the bow of the online security industry.

Starting Monday, corporate security officers will be able to measure the effectiveness of major security products — a tool the industry has been sorely lacking. NSS Labs, an independent security testing company, has developed a testing service that will allow corporations to see how vendors stack up, including which real threats their products are blocking, and which they are not."

Will be very interesting to see how this unfolds over time...hoping for good things to come out of it!!

Snowy
Premium Member
join:2003-04-05
Kailua, HI
kudos:6

This boils down to how well a system can defend itself from a rogue user.
This is more about whether the admin is capable of doing their job than it is about security product vendors, IMO.
redwolfe_98
Premium Member
join:2001-06-11
kudos:3

to art22gg
I think the big problem is that many of the IT guys who are supposed to be making things secure are not doing their job, not applying patches and not properly configuring things.. that is what I have been concerned about..
HELLFIRE
MVM
join:2009-11-25
kudos:30

to art22gg
"How do [we] know our security's working?"

...ask that to get a better dramedy than Twilight [/sarcasm]

Regards

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN
kudos:4

to art22gg
With all of the reputations and money at stake, this should prove to be a fascinating adventure to watch... break out the popcorn! Ratings will be performed, accusations will be made, counter-accusations made, clarifications issued, counter-clarifications issued, further details and explanations given, caveats and interpretational warnings issued, threats of lawsuits flung down, and on and on and on. Whatever NSS's expertise, they are (at the end of the day) just another testing company trying to make their way in the business world, and they'll be taking head-on a lot of other businesses. It should prove entertaining, if not enlightening.

Snowy

said by Blackbird:

With all of the reputations...
It should prove entertaining, if not enlightening.

I don't see this going anywhere as a stand alone service.
As a value added service to an existing service such as pen testing it might make sense as an extended service.

Ian
Premium Member
join:2002-06-18
ON
kudos:4

to Blackbird
said by Blackbird:

Whatever NSS's expertise, they are (at the end of the day) just another testing company trying to make their way in the business world, and they'll be taking head-on a lot of other businesses.

Yeah, I don't know about this. I may be overly cynical, but it sounds like a shake-down operation that sells reports of perhaps questionable value.

Or not. I don't know, maybe they do excellent testing and their ethics are just dandy.

You'll find out if you purchase my quarterly report that grades the test labs' abilities to test security products. Or just buy my annual subscription. A much better deal in the long run.

The claim of being "independent" always amuses me. "Independent" just means you're operating for your benefit only. That's not necessarily a selling point.

Snowy

said by Ian:

Or just buy my annual subscription.

Aah, I was stuck on this being a service provided to the customer's system.
Probably because I was thinking about relevancy.

The relevancy between a subscriber's system & NSS's test bed can only be anecdotal at its best.
This is more like lowering the bar, not raising it.