Abstract:
How can you tell if an IT security product (or a product that includes security components) can secure your application? How can you be certain that a product will fully deliver on its claims that it will protect against malice in a deployed environment? Unfortunately, few vendors - and even fewer customers - can make these judgments. The article won't make you a security wizard, but it will give you a feel for what to look for in, and when to be concerned about, a vendor's claims. To ensure that a product has a chance of being secure, customers should check that vendors use adequate approaches in four primary areas. In order of importance (and maturity and availability), they are: quality-control (QC) mechanisms; cryptographic primitives; hardware assist mechanisms; and separation mechanisms.
Keywords:
quality control; security of data; IT security product; cryptographic primitives; hardware assist mechanisms; quality-control mechanisms; separation mechanisms; ANSI standards; Computer security; Cryptographic protocols; Digital signatures; Elliptic curve cryptography; Hardware; Information security; Privacy; Process design; Robustness; hardware assist; software quality-control