Third party vulnerability tests are the only way to ensure that a security product is well-designed and configured, minimising the chance of system compromise through hidden vulnerabilities. Lower levels of Common Criteria certification, such as EAL2 require only developer vulnerability testing. The danger of relying on the developer to carry out these tests is that errors and assumptions made in design and development are likely to be repeated in testing, thereby increasing the risk of overlooking product weaknesses.
Implementing new solutions to protect the network infrastructure will always have hidden dangers if not considered carefully. With cost justification constantly in question, it is only reasonable to mitigate risks to a sensible level, but at least Common Criteria gives organisations reassurance that their decisions won’t be a case of out of the frying pan and into the fire.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.