mirror of
https://github.com/nhammer514/textfiles-politics.git
synced 2024-12-26 15:59:29 -05:00
136 lines
5.7 KiB
Plaintext
136 lines
5.7 KiB
Plaintext
NCSA POLICY CONCERNING SECURITY PRODUCT REVIEWS
|
||
February 17, 1990.
|
||
|
||
Purpose: NCSA product reviews are intended to present
|
||
complete, thorough, useful reviews of security products
|
||
to the members of the NCSA. This document's purpose is
|
||
to set forth the NCSA policy concerning such reviews.
|
||
This policy is open for discussion.
|
||
|
||
Reviewers: Reviewers may be single individuals or
|
||
"review teams." Reviewers should have some knowlege of
|
||
the application of the product, and should be capable of
|
||
writing detailed reviews. In the case of review teams,
|
||
the teams may consist of expert users, as well as novice
|
||
users. The role of the novice user is to provide input
|
||
on product ease-of-use and quality of documentation.
|
||
|
||
Conflict of Interest: NCSA reviewers must have no
|
||
interest in the product reviewed which would compromise
|
||
the integrity or accuracy of the review. All reviews
|
||
will be signed by their authors.
|
||
|
||
Procurement of Products: Products may be solicited
|
||
directly from manufacturers/software houses on behalf of
|
||
the NCSA. In return for a free evaluation copy, the
|
||
product review will become a permanent part of the NCSA
|
||
BBS, available for viewing by all members. After
|
||
completion of the review, the reviewer shall be granted
|
||
the license to the product.
|
||
|
||
Evaluation Copies: No review will be performed on a
|
||
copy which is limited in function. No review will be
|
||
performed on a "beta" version of a product, or any
|
||
product which is not available to the product.
|
||
|
||
Limit of Liability: The NCSA shall assume no
|
||
liability for, or make claims of, the capabilities or
|
||
fitness of any products. All reviews shall be carried
|
||
out to the best ability of the reviewer/review team, and
|
||
be edited if necessary by the NCSA staff.
|
||
|
||
Comments/Clarifications/Rebuttals: After a product
|
||
has been reviewed, the review shall be posted on the
|
||
NCSA BBS, and the manufacturer be allowed to comment on
|
||
the review for a period of 60 days. A copy of the
|
||
review will also be sent to the manufacturer for their
|
||
comment. After such time, the review will be edited if
|
||
necessary, based upon the responses of both the
|
||
manufacturer and any others who have commented. The
|
||
review will then become part of the permanent library of
|
||
the NCSA. A summary may be placed in the NCSA
|
||
newsletter; the full review will be placed on the NCSA
|
||
BBS for downloading by members.
|
||
|
||
Classifications: A detailed system of classification
|
||
shall be developed to assist both reviewers and readers
|
||
in their respective efforts. For example, such
|
||
categories might include PC Access Control, Data
|
||
Encryption, Virus Detection, etc.
|
||
|
||
Review Outline: The reviewer(s) shall follow the
|
||
review outline presented at the end of this document.
|
||
In this way, similar products can be compared directly.
|
||
|
||
Comparative Reviews: Where possible, a single review
|
||
will comprise a category of products. As each new
|
||
product within that category is reviewed, the new review
|
||
will be merged with the existing reviews. Where
|
||
possible, tables will be created comparing products.
|
||
This will be done to aid members in choosing a product.
|
||
|
||
Product Classification Overviews: In cases where
|
||
there are many products in a single category, a review
|
||
team may be assigned to evaluate all the reviews and
|
||
pick an "NCSA Choice". This would be the NCSA's
|
||
official recommendation, and would be awarded to the
|
||
product that best meets the criterion for its category.
|
||
|
||
Quantitative Ratings: A system of ratings shall be
|
||
developed, in order to more easily compare products. At
|
||
the time of review, an NCSA security rating will be
|
||
assigned. This will consist of a number from 0.0 to
|
||
10.0, with 0.0 providing the least security, and 10.0
|
||
the most. A scale shall be developed to aid both
|
||
reviewers and readers compare scores (i.e. 6.0-8.0
|
||
Average 8.0-10.0 Recommended, etc.). The exact form of
|
||
these ratings will be developed over time, as the first
|
||
reviews are conducted.
|
||
|
||
Access to Reviews: Reviews shall be placed in a
|
||
restricted area of the NCSA BBS, to enable only dues-
|
||
paying members to have access. Hard copies of the
|
||
reports may be requested for a small fee.
|
||
|
||
Review for Fee: At a manufacturer's or member's
|
||
request, NCSA will review a specified product. A fee may
|
||
be charged for such review, but this fee will in no way
|
||
affect the nature of the review.
|
||
|
||
Review Content: Each review will contain the
|
||
following information:
|
||
* Reviewer(s) name
|
||
* Product name
|
||
* Version of product reviewed (version number and/or
|
||
date)
|
||
* Product pricing information
|
||
* Manufacturer name, address, phone.
|
||
* Product category/function.
|
||
* Product description. This description will have a
|
||
heavy emphasis on the security offered by the product,
|
||
even if security is not the main focus of the product.
|
||
* Product capabilities. What specific features the
|
||
product offers. Such information may be drawn from
|
||
marketing materials, but must be verified by the
|
||
reviewer. Such narrative might be presented in bullet
|
||
or other narrative format.
|
||
* Definition of categories used in the ratings, and
|
||
general rating approach. This definition will be
|
||
sufficiently explicit that other reviewers will be able
|
||
to apply the method and obtain the same results on this
|
||
product. Examples of categories likely to be included:
|
||
ease of installation, ease of use, degree of protection
|
||
offered, adequacy of documentation, support, accuracy of
|
||
manufacturer's claims concerning the product, overall
|
||
value.
|
||
* Category ratings, with justification.
|
||
* Summary of ratings, in tabular form.
|
||
|
||
About this document: The first draft of this document
|
||
was prepared by Charles Rutstein, co-sysop of the NCSA
|
||
BBS. David Stang revised it. Comments are invited.
|
||
Write NCSA, Suite 309, 4401-A Connecticut Ave. NW,
|
||
Washington DC 20008. Or call NCSA voice 202-364-8252 or
|
||
leave a comment to the SYSOP on the NCSA BBS: 202-364-
|
||
1304.
|
||
|