IDS mailing list archives
RE: ICSA [WAS: Re: Intrusion Prevention]
From: Greg Shipley <gshipley () neohapsis com>
Date: Mon, 30 Dec 2002 16:50:21 -0600 (CST)
On Mon, 30 Dec 2002 smarkle () icsalabs com wrote:
All - I have remained silent on this list for years. I am interested in helping mature an Industry. That is what ICSA Labs does and IDS has been one of my responsibilities since early 1999. After cutting through the stinging criticism and saber rattling, I have chosen to respond only to the paragraph above. Any vendor that knows the ICSA Labs testing methodology knows that for over ten years we have perfected pass/fail certification testing with evolving test methodology and criteria. We did this when everyone else argued that it was the wrong approach. This is the standard, and it is in fact the ICSA Labs approach that has been mirrored by other test labs.
Just for the record, the paragraph you quoted was not necessarily in reference to ICSA labs, specifically. I still stand by OSEC being a lot different then what I've seen come out of ICSA in the past, but that paragraph was in reference to publications and testing in general. Further, has ICSA labs been publishing IDS certifications since 1999? If so, my bad, I must have been mistaken / missed that. If not, then I'm even more confused.
On 1/18/01 Greg Shipley wrote: [edit] Don't get me wrong, I think there is a huge need for 3rd-partyinvolvement, and dare I say it, "certification."IMHO, there are some fronts to this that are REALLY important on. Forexample, I've heard that the ICSA team is working on >IPSEC *compliance* and interoperability testing. Ok, that's huge, as anyone who has worked with multi-vendor VPNdeployments knows that the VPN space is a mess on that front.The problem is, I question whether or not people are being mislead, and howmuch good some of these certifications (like the >firewall one) really do. Ultimately, does this type of "branding" help provide for a false sense of security? [end]
Ergh, um, now I'm more confused. I didn't write any of the above. Why is this being attributed/credited to me?
Greg - I sincerely ask you to contact me off-line and discuss a possible visit to the ICSA labs. It is evident by your post that you do not have a complete knowledge of what we do. This thread has also included reference to the ICSA Labs Firewall program. I have asked one of our most vocal critics in the past to give you his opinion on the current state of the ICSA Labs Firewall program. Look for a post in the near future on that subject.
Where in my post did I reference the ICSA Labs firewall program?!?!? I will contact you off-line, absolutely (and thank you for the offer!), but I will admit that much of your post has *ME* confused even more now.... -Greg
Current thread:
- RE: ICSA [WAS: Re: Intrusion Prevention] smarkle (Dec 30)
- RE: ICSA [WAS: Re: Intrusion Prevention] Greg Shipley (Dec 30)