The firewall market has become so competitive that vendors are rushing new products and product enhancements to market without adequate testing. The International Computer Security Association (ICSA), which runs a f irewall certification testing program, reports that every product it tested in 1997 made it through its security certification program. However, a year later, 62 percent of the 45 products tested failed on the first attempt. Of these, 35 percent went on to pass only after manual configuration adjustments were made. Another 21 percent required a software patch or had to undergo some rebuilding before being certified. It is unclear what happened to the remaining 12 products that failed on the first try.
A library purchasing a firewall should check the ICSA's Web site (www.icsa.net/fpfs/fwcert.html) to determine whether each of the products being considered has been certified. Testing is done on an ongoing basis, often as frequently as four times a year on a single product. A manufacturer's claim that a product is certified may refer to a previous certification, not current certification. For that reason, current certification status should be determined by checking the ICSA site.