Firewall Wizards mailing list archives
re: ICSA
From: Richard Reiner <rreiner () fscinternet com>
Date: Thu, 14 Jan 1999 11:18:07 -0500
[The following was originally sent to Bugtraq, but Aleph (even though he agreed with the content) felt that another venue might be more appropriate] Tan's mention of ICSA (in his excellent Cyber-UL piece on Bugtraq), and the recent posting on firewalls about the "ICSA Firewall Buyers' Guide", reminds me of a serious and ongoing peeve which I (and some others around here) have about ICSA: In brief: Any organization which denominates itself an "Association", but which is in reality a private, for-profit company, seems to me to lose all credibility. (Were this not a public forum, I would use far stronger terms to say what I think of this practice.) Moreover, for such a commercial, for-profit entity to further the common misapprehension that it is a non-profit in the public interest by the adoption of a slogan such as "The Objective Authority in Computer Network Security" (currently plastered across ICSA's home page) strikes me (in my personal, no doubt biased, misguided, foolish, etc. opinion) as OFFENSIVE IN THE EXTREME. On ICSA's web site I read numerous statements such as "Information Security Magazine is the official publication of ICSA" (clearly reinforcing, to my mind at least, the false perception that this is an industry association with an official publication). Is this an intentional attempt to mislead the public? I shall leave that to the reader. As some may know, ICSA's previous name was NCSA -- yet this was *not* the NCSA of Mosaic and related fame, the National Center for Supercomputer Applications. *This* NCSA had nothing whatsoever to do with the *real* NCSA. While ICSA's literature does (quietly, in small type, and in buried paragraphs) admit that ICSA is a) privately held, and b) a for-profit corporation, and therefore c) not *really* an association of any kind, nevertheless the overwhelming (could it be intentional?) impression created is of a non-profit in the public interest. Finally, assessment of the credibility of ICSA's "certification" process (in respect of the quality of its deliverables, and its costs) is left as an exercise for the reader. Doesn't anybody share my outrage over these shenanigans? DISCLAIMER: the above constitutes my personal, idiosyncratic, foolish, biased, stupid (add more adjectives as necessary to satisfy the lawyers) opinion ONLY. It does not represent the views of FSC Internet Corp. or of SecureXpert Labs, nor of the officers or management of those organizations, nor of any individual save myself. -- . Richard Reiner, Ph.D., CEO . FSC Internet Corp. / SecureXpert Labs . The FSC Building, 188 Davenport Rd., Toronto, Ontario, Canada M5R 1J2 . +1 416 921 4280, fax +1 416 966 2451, www.fscinternet.com