App security vendors issue challenge

Executives from F5 Networks, Imperva, NetContinuum, and Teros, said they planned to issue the challenge Tuesday at the Computer Security Institute conference in Washington, D.C.

In a joint statement, the executives said they believe security products must meet minimum criteria to provide protection for mission-critical web applications.

"We believe these minimums are not being met by many vendors, despite marketing claims that strongly imply such protection," they said. "The result is a false sense of security that exposes consumers and corporations to a higher risk of identity theft and other similar data loss threats."

The group says its goal is to pave the way for minimum standards to ensure the security of web applications.

In addition to Check Point and Symantec, the group is calling on Cisco Systems, Juniper Networks, and McAfee to submit their products to an independent evaluation by ICSA Labs.

Andrew Singer, manager of market intelligence at Check Point, described the group's challenge as an attempt to raise awareness about web application security: "This is a drive by these four vendors to create some sort of level of understanding for what consumers are buying when they buy web security."

Check Point supports that effort but has not decided whether it will participate in the test, he said. "Obviously, we're excited when anyone gets together to promote security and we'll look at the criteria and decide what we're going to do."

Likewise, Symantec is waiting for more details.

"Once Symantec receives the information, we will review the new test criteria in order to determine relevance to our customers and will then determine the appropriate next steps," a Symantec spokesperson said.