本帖最后由 【乱】 于 2012-11-8 05:48 编辑
为什么认证是(corporate)企业? 而江民通过的是consumer(消费者)
而且据上次的内容:http://bbs.kafan.cn/forum.php?mo ... ;extra=#pid26647136
360厂商身份是beijing qiku keji 一下子变回qihoo 360 了~
另外360又获得一项认证是好事 但是不是国内杀软都喜欢‘过高’宣传?
国际电脑安全协会(ICSA Labs)可能是最有名提供数百个安全厂商中立的测试和认证
的产品。虽然认证不能消除风险,并不能保证产品的性能,它可以显着
降低风险,确保产品符合客观的标准,从而提高安全性,信任和可用性
ICSA Labs is probably best known for providing vendor-neutral testing and certification for hundreds of security
products. While certification cannot eliminate risk and is not a guarantee of product performance, it can substantially reduce risk by ensuring that products meet objective criteria, thereby increasing security, trust, and usability.
测试和认证流程
合同签订后,该产品送到ICSA实验室,在那里它被部署在实验室和测试对
目前的标准。采取非常谨慎,以确保测试环境和流程模型在现实世界。
测试阶段完成后,任何标准的违规行为或问题的通知供应商。 A标准违反指示该产品未通过的标准中定义的一个或多个测试例。认证要求所有的测试案例成功地实现了。分析师指出一切违反测试足够详细的解释测试情况下给供应商,以及重现的结果。然后,厂商努力解决侵犯,并重新提交ICSA实验室进行测试的产品。这个过程一直持续,直到达到认证(或保留),直到供应商撤回产品测试,或直到超出测试合同的边界。
该产品仍不断在测试实验室中部署的整个长度的合同。每个测试
程序重新测试认证的产品在不同的频率,但在大多数情况下,产品每年至少测试。
在防病毒和防垃圾邮件检测程序,产品测试更加频繁(每月和每日
分别)。在除了定期测试时间表,产品可用于需求测试24/7的基础上
Testing and Certification Process
After a contract is signed, the product is delivered to ICSA Labs where it is deployed in the lab and tested against
the current criteria. Great care is taken to ensure that the testing environment and procedures model the real world.
Once a testing phase is complete, the vendor is notified of any criteria violations or issues. A criteria violation indicates
that the product did not pass one or more test cases defined in the criteria. Certification requires that all test cases be
successfully met. The analyst identifies all violations and explains the test cases in sufficient detail for the vendor to
reproduce the results. Vendors then work to address violations and resubmit the product to ICSA Labs for testing.
This process continues until certification is attained (or retained), until the vendor withdraws the product from testing,
or until the boundaries of the testing contract are exceeded.
The product remains continuously deployed in the testing lab throughout the length of the contract. Each testing
program re-tests certified products at different frequencies, but for the most part, products are tested at least annually.
In the Anti-Virus and Anti-Spam testing programs, products are tested much more frequently (monthly and daily
respectively). In addition to the regular test schedule, products are available for on-demand testing on a 24/7 basis.
资料来源:ICSA 介绍报告(英文)
|
发表于 2012-11-8 05:28:52
