While much of the focus has been on the hundreds of thousands of websites that could be vulnerable, what you don't hear much of, is the potential vulnerability of products that keep networks secure.
Secure Socket Layer - Transport Layer Security (SSL-TLS) technology is an important component of a comprehensive enterprise security strategy. SSL-TLS is a widely used protocol for secure network communications. There are a number of diverse markets that have products using implementations of SSL-TLS. Originally designed as a way to secure browsing of the Web, SSL-TLS implementations are now used in VPNs, Business Transaction Servers, Application Servers, as well as other core business functions. Our goal is to develop a certification testing program that will give buyers of these products the assurance that only a reputable independent third party testing facility like ICSA Labs can provide. That is, a standards based program, with a publicly vetted and posted criteria, against which all products are tested.
Interested in being tested? Interested in joining the SSL-TLS Product Developers Consortium? SSL developers should contact Harry Brittain, Vendor Services Sales Mgr., at (717) 790-8111 with membership questions. Alternatively, you can send him an email.