Four criteria for evaluating a security vendor
Security is a process. No one solution protects against all threats, and no product remains unchallenged by the ever-evolving threat landscape. As threats evolve, so, too, does our security posture—the specific tools and policies we use to protect ourselves.
In this way, security products are fundamentally different from other applications. You can buy a word processor and not worry about it for a few years; if there are bugs, you can probably work around them. For security products, the bar is much higher. Even simple design flaws and bugs will be exploited by hackers. Security vendors therefore have a much greater responsibility to their customers; their software has to be extraordinarily robust from the day it goes out, and they must respond quickly to security events, being willing and able to update their product often throughout its lifecycle.
By Irfan Salim at Enterprise Systems.
[ Read more ]