Certifiable Security

It's not like we don't have enough acronyms floating around our industry--acronyms for standards, technologies, product designations, and professional certifications. Add to that list the group of acronyms and names for product certifications administered by various groups and the alphabet soup gets truly thick and meaty. After getting Yet Another Press Release (YAPR) touting a product that had received FIPS and Common Criteria certification, I decided to ask just why someone not in government service should care about these pieces of paper. I ended up talking with Tom Gilbert of Blue Ridge Networks about his experience with the certifications and the process to get them. Now, his company makes products that come complete with press releases announcing government-related certification, so he can't be called an entirely neutral source, but I thought tha the interview brought out a number of interesting points concerning certifications and whether (or why) you should care about them in private industry. the You can listen to the podcast here. After you do, drop me a note ([email protected]) to let me know whether product certifications are part of the criteria you use when choosing which products to purchase and deploy.

If you you haven't already subscribed to the podcast, look over to the left, you'll find the link to subscribe to the Security Channel podcast. In addition, I'd like to ask a favor. Take a minute to drop me a note at [email protected], and let me know what you'd like to hear in future podcasts. A podcast can be short or long, serious or amusing, hands-on or quite strategic. Let me know what you'd like to listen to, and we'll do our best to make it happen.

The music in this podcast is "Anubis Claws" from the album Aeonblue by subatomicglue. They release their music under a Creative Commons license--if you like the sound, head over to their web site and check out the rest of their music.