Friday, 30 January 2009

Certifications...trick or treat?

AppGate has customers in 22 countries and a customer base that includes almost all types of customers, from defence to car manufactures. The difference in the security knowledge between the customers is sometimes really scary. I can understand why, to keep up with the "latest and greatest" in security is not an easy task. One thing that often strikes me is that people that knows security often ask for certifications and people that has a limited knowledge seldom asks for it. In my option it should be the other way around....Certifications are good if you do not have the time, money or knowledge to test a security product.
When it comes to cars they are thoroughly tested before they can be delivered to customers, certifications are the closest thing we have in IT Security.

I am aware about the criticism against certifications, such as that they slow the development process..sometimes I think that is not a bad idea. The industry are experts in shipping untested and insecure solutions...and then spend years sending out security fixes.

No comments: