While much of the focus has been on the hundreds of thousands of websites that could be vulnerable, what you don't hear much of, is the potential vulnerability of products that keep networks secure.
The goal of ICSA Labs Certification Testing is to significantly improve commercial computer trust and security. Recognizing that perfect computer security is unattainable, the Certification Program provides assurance to the user community that ICSA Labs Certified Products reduce security risks consistent with a set of publicly vetted and industry accepted criteria. To maintain a product's certification, participants in the Certification Program must pursue technological improvements and implement a strategy of practical risk reduction. The SSL-TLS Certification Criteria, version 3.1 is certification criteria for products that implement SSL-TLS for data confidentiality, authentication, and integrity assurance for internetwork transactions. ICSA Labs tests SSL-TLS products against a standard yet evolving set of criteria. Our SSL-TLS Certification Criteria is composed of both functional and assurance requirements. Our criteria requirements define an industry-accepted standard that all products claiming to have SSL-TLS capabilities must attain. This criteria is currently in FINAL DRAFT and all of the currently certifed SSL-TLS VPN products are being tested against it.
Addtionally, listed here are the previous crtiera documents - version 3.0. This version has been archived and is posted for informational purposes only.