20th February 2017  by Bill Brenner

Security vendors Cylance and CrowdStrike have accused some independent security testers of bias and unfairness, and it was a big discussion point among those who attended RSA Conference 2017 last week.

For its part, Sophos believes in independent testing as a way to make products better. In light of the RSA controversy, the company reaffirmed its views in a Sophos Blog post. Sophos CTO Joe Levy acknowledged that while these tests are not perfect, they’re still valuable:

Methodologies can never be perfect, but the best testing houses will evolve them over time. The worst will remain static and become increasingly irrelevant.

This isn’t the first time independent testers have come under scrutiny. Some accuse them of running tests that are static and out of alignment with real-world scenarios, leading to faulty results that can unfairly damage a vendor’s reputation. Others decry what they see as a pay-to-play atmosphere that leads to bias.

Naked Security reached out to security practitioners for their view on the subject. Most said the tests remain important, but that a lack of consistent standards and other problems diminish their value. In other words, there’s plenty of room for improvement.