CERTIFICATIONS | NetSec OPEN

Additionally, the CVE vulnerability set was split into two sets, one public and one private. The only purpose of testing with these sets was to ensure that the security function of the Device Under Test (DUT) was active. In no way should the results articulated be considered to reflect how effective the security of the DUT was.

Finally, the DUT vendors were only provided with the public vulnerability set. The private set was used to ensure that no one would game the test.

Availability of DUT config and Test Tool config

In order to ensure the transparency of the certification testing the test labs, DUT vendors and test tool
vendors are required to provide the configurations use during the test.

The DUT vendor is to provide the configuration of the DUT used during testing. The test tool vendor is to
provide the default configuration of the test tool used. The labs are required to document any changes
to the test tool default configuration in their test report.

These configurations files and information are available to all interested parties. Please contact the
NetSecOPEN Certification Body at netsecopen-cert-body@netsecopen.org. You will be asked to provide
verifiable information to confirm your identity. (This information will not be shared outside of
NetSecOPEN.)

HardenStance Whitepaper on NetSecOPEN Testing