Accountability in IT Security Products

Recently we hosted a special event at our office.  We invited several leading security hardware and software vendors in to understand their products and business a little more.  Each vendor was given 90 minutes to present on their particular products and allow our various teams to ask questions.

I was astonished at several who could simply not be honest about what they were selling.  One company stated their product had no weaknesses or flaws.  Another said they didn't see any short-comings to their products.  I couldn't believe they could say this with a straight face.

There is absolutely no major IT security product created that has no flaws or vulnerabilities.  For someone to simply say theirs is perfect is tantamount to a lie.  Further, if the product does have flaws why not just acknowledge them?

If you are in the market for any security product make sure to ask the tough questions of the sales person.  Be a jerk if necessary and drill the person selling it on known issues, flaws, vulernerabilities.  Dig in and ask to see what the problems may be and what issues they have.  If they are transparent and are honest, buy that product.  That manufacturer will be far better long term than the ones that cover them up.

Perfection will probably never exist in the IT security product space.  It certainly doesn't exist today.  The honest companies will serve your organization much better.  I will take character over skills any day.  Skills can be achieved through hard work.


Special thanks to Erik, Jon, and Brad for the great help that day.