 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
| . |  |
. |
Most security products fail early tests
Mechanicsburg, Pa. (UPI) Nov 18, 2009 Nearly 80 percent of security products fail to perform as intended when they are first tested and often require two or more rounds of tests before they can secure certification, a new report warns. The ICSA Labs Product Assurance Report, the first study of its kind co-authored by the Verizon Business Data Breach Investigations Report research team, lists lessons learned from testing thousands of security products over 20 years. Analysts said the report's findings meant that product-development processes were taking longer to perfect and therefore were likely to cost more. The United States marked October as cybersecurity month to highlight threats posed by cybercrime, identity theft and other computer-related criminal activities. Loopholes and faults in computer systems are seen behind most of the cybercrime, which costs governments and corporations tens of billions of dollars every year. The report found that the main reason a product fails during initial testing is that it does not perform as intended. The research looked at seven product categories and found that 78 percent of the products examined failed initial tests. Among examples cited in the report were an anti-virus product that failed to prevent infection of a computer and a system product that failed to filter out malicious traffic. The failure of a product to completely and accurately log data was the second most common reason security products do not perform as intended, the report found. Incomplete or inaccurate logging of who did what and when accounted for 58 percent of initial failures. The report said that some vendors and enterprise users consider logging a nuisance and merely a "box to check." Logging is a particular challenge for firewalls. Almost every network firewall -- 97 percent -- or Web application firewall -- 80 percent -- tested experienced at least one logging problem. The report found that 44 percent of security products had inherent security problems, including vulnerabilities that compromise the confidentiality or integrity of the system and random behavior. The report advises procurement agencies to beware of outlandish performance claims, choose more established products over new ones and choose simplicity over complexity. ICSA Labs is an independent division of Verizon Business, a unit of Verizon Communications, a leader in communications and information technology solutions. Share This Article With Planet Earth
Related Links Cyberwar - Internet Security News - Systems and Policy Issues
Web security company warns of 'cyber arms race'Washington (AFP) Nov 17, 2009 Warning of a "cyber arms race," a leading Web security firm said Tuesday that China, France, Israel, Russia and the United States were among countries that have developed "cyber weapons." "McAfee began to warn of the global cyber arms race more than two years ago, but now we're seeing increasing evidence that it's become real," said Dave DeWalt, president and chief executive of McAfee Inc. ... read more |
|
|
| The content herein, unless otherwise known to be public domain, are Copyright 1995-2009 - SpaceDaily. AFP and UPI Wire Stories are copyright Agence France-Presse and United Press International. ESA Portal Reports are copyright European Space Agency. All NASA sourced material is public domain. Additional copyrights may apply in whole or part to other bona fide parties. Advertising does not imply endorsement,agreement or approval of any opinions, statements or information provided by SpaceDaily on any Web page published or hosted by SpaceDaily. Privacy Statement |
del.icio.us
Digg
Reddit
YahooMyWeb
Google
Facebook