Why product testing companies are finally upping scrutiny on security
- Demands on embedded security in consumer and enterprise technology products is rising with cyberthreats and prompting companies to pursue accountability and transparency measures. For example, IBM announced a network of secure testing facilities where hackers will test internet of things technologies, automotive equipment and ATMs to find vulnerabilities in hardware and software.
- Underwriter Laboratories, a safety science and certification company, will add software security to its hardware and physical security seals program next year, reports Axios. Online certifications are currently available for vendors and customers, and UL hopes the program will establish baseline best practices for industry cybersecurity. The company started the Cybersecurity Assurance Program to test software vulnerabilities in IoT products in 2016.
- Consumer Reports, a nonprofit that tests products, also released rankings of peer-to-peer payment services, the first in a set of privacy and security ratings by national experts that will continue with reviews of other IoT products like cameras and smart TVs, according to Axios. The company's platform already guides 6 million members and 15 million monthly visitors on product usage.
Product security is often taken for granted by users and too often it is an afterthought for companies hurrying to push new items to market. Security needs to be factored in from the beginning and remain a primary concern through the entire product development cycle.
IT budgets for quality assurance and testing have been in decline, and automation of the process remains at a low 16% across companies. The QA process is vital to find flaws during development and can save embarrassing and costly fallout from a recall or system breach.
A bad review or product downgrade can deal a serious blow to vendors. When Consumer Reports downgraded Microsoft laptops last fall, the fallout was immediate even as doubts about the validity of identified issues and testing methods were brought up. Despite criticisms of review and certification organizations, for many consumers without extensive security knowledge these online reviews can dictate purchasing habits.
CIOs and technology executives are increasingly responsible for communicating with customers and promoting the products and services of their company. Like cyber warranty programs, certifications from reputable and well known organizations can validate the security claims a company or seller makes about its product and establish industry standards.
It can also pressure companies with failing grades to improve the security embedded in their product. While finding out about vulnerability from a third party is never easy, getting bad news from a party trying to help instead of a hacker trying to infiltrate and exploit is a trade off worth making.
Follow Alex Hickey on Twitter