NetSecOPEN - Fair Testing in an Unfair World

Fair Testing in an Unfair World. Today’s content-aware security and inspection devices are being put under more demands and pressure than ever before. Network equipment vendors work every possible position and spin to showcase how well their solutions will perform over their competitors in production networks. The lines are blurred when users have to make a decision of whose solutions to deploy or what inspection policies and rule sets should be used for specific applications. Many enterprises have relied on assessment bake-off reports of various network solutions, usually done by private test labs. The issue with these private bake-offs is that the tests themselves are typically defined by the test lab and are not necessarily based on real-world use cases. The results might be published, but that actual test’s methodologies are usually kept secret – otherwise, you have to pay to see what was actually done. In fact, there have been recent lawsuits by some vendors against specific test labs citing unfair practices in results reporting, negatively impacting a vendor’s standing in the market.

Enter NetSecOPEN, an industry consortium of network equipment vendors, test labs, test equipment vendors and enterprises – all looking for a better way to test and assess next generation security devices in an open and fair way. Standardizing any aspect of technology can be a daunting task. Getting multiple entities to agree upon methods and best practices with differing opinions and approaches is a process unto itself. The outcome of this effort, however, presents more meaningful and transparent assessment solutions. Let’s consider IETF RFC2544, RFC3511 and a host of other ratified test methodologies that have been used in practice for many years. NetSecOPEN is bringing this concept to advanced security and performance testing for today’s world of advanced HTTP, HTTPS, TLS, attack and malware inspection services, with test methodologies that are in process for IETF ratification.