Does Using “Certified” Software Products Improve Compliance?

It seems the term “certified” is being used more and more…for professionals, hardware, software, you name it.
You see software vendors touting that their products have been certified and that they will help companies meet “compliance,” but I have found very little research into what this really means, or if it means anything at all.

Over the past few years, a slew of security certifications have sprung up, professing to validate that the security product you are buying has been independently vetted, is trustworthy, and will not create more vulnerabilities than it closes if you implement it within your enterprise.
I am skeptical of many vendor-specific certifications; some seem as though the only real benefit is to the vendor that is offering the certification as another revenue stream for their company, which weakens their objectivity. After all, a vendor that wants to sell as many of its certifications as possible to bump up its revenue is likely to be less stringent than an organization, such as one of those providing certification for the Common Criteria, that offers certification as an internationally accepted methodology for validating the security of software.
In general, it is always a good thing to know that there has been an independent review of a security product prior to committing to the purchase. The key is to ensure qualified and truly non-biased reviewers performed the certification process, and that the certification was not obtained just by paying enough money for it.
But can these certifications be used to help with compliance? Well, that depends…on the certification, on the type of software, on the type of compliance, and other issues…
I wrote about this in a paper I recently posted, “Using Certified Products to Improve Compliance.”
Along with my discussion and analysis, within it I provide a listing and description of 7 of the better-known such software certifications.
Check it out and let me know what you think!
