Integrity of announcing new “Silver Bullets”!
October 16th, 2007 Drazen Drazic Posted in Bad Stuff, Risk Management, governance
It’s no secret that the major vendors use the press to sell new products, but in the last year or so, I have noticed the journos getting wise to it and questioning whether the spiel they are getting from the “security” vendors (you know who they are) is a public service announcement or marketing BS.
Here’s the tip….we know it’s mostly BS……they want the press, and they’re using you to sell their product. (Reader note: yeah…I know I am stating the obvious) But…..your editors know that, and you need to sell subscriptions………..oh and advertising…Where is the balance?
I would like to see more journos question new products.
I have seen the silver bullets for almost 15 years (in security) and never have I seen an article that says:
“Company X released Product Y. Product Y will solve all your security problems they say (DD: like they all do), but I reckon it is all bullshit. This company has been in the security field for 15 years and every new release is supposed to solve the “Enterprise” security problem, but it has not! So why would this new release be something that a (your) company would pay good dollars for?”
As an avid car, guitar, music, sports etc fan…..the mags I buy as part of my hobby(s), I expect to tell me what is good and what is not so good about new products being released. All of them do! They’ll pick every hole in a Ferrari, Fender, Foo Fighters, All-Blacks (world cup) latest….but…..in our field, every new product in the press is supported by the marketing spiel from that company….like it’s fact!
Come on IT Press…..before you talk it….have a look at it, test it, get security guys to pass opinion on it, hit it hard enough to help companies……and then write about it.
At present, you’re giving an easy ride into millions/billions of dollars for these companies whose existence relies on us never being able to secure ourselves.
Sad thing is that us security dudes play a small role in most cases (not always) in the decision making process for costly products like this for major companies that we work for……..money that could be better spent elsewhere.

October 16th, 2007 at 8:20 pm
And herein and hereby lies the story. Pay 200K for a supposed solution but baulk at 10K for a security review done by people who know what they are doing that could save you millions potentially.
October 17th, 2007 at 11:49 am
You know how all the product vendors at IT security conferences openly criticise other vendors’ products and paint rosy pictures of their own?
To date I haven’t come across a single one that has stated that they had tested THEIR OWN security products to ensure they were secure and did truly solve the problem they were trying to solve. Not one!
Here’s a hint to product vendors reading this:
In your press releases, mention that your products are tested for security, (not at the bottom in fine print, but somewhere in the middle!) provide me security testing information that I can verify independently, and I WILL give your product literature a 2nd read.
October 18th, 2007 at 2:19 pm
I enjoy the discussions with ex-Company X employees (mainly sales guys). While employed there, nothing beat Company X’s Product Y (the ultimate security solution for every company!)…..and fair enough if you believe that at the time and it’s your job. It’s just funny how many ex-employees can easily turn on the products they once pushed so hard once they’ve left the company. What does that say?
I’ll give just one example close to home. It’s no secret that SA is close to Qualys, the makers of QualysGuard. At last year’s AusCert Conference, 2 ex-Foundstone sales guys (from 2 companies) came up to the SA stand for a chat (at different times). Both were glowing in their thoughts on QualysGuard and how it was far and away superior to the Foundstone offering and the best thing on the market. (DD Note: But 6-12 months before that, they were competing against us, and…..well, you can guess what they were saying about us)