In the software business, quality is often left behind in the rush to be latest and greatest. Security products are no exception, according to a study released Monday by ICSA Labs. ICSA Labs, a unit of Verizon Business, provides third-party testing and certification of security products. The company examined 20 years of its testing data to create the "ICSA Labs Product Assurance Report". The report indicates that nearly 80 percent of security products fail to perform as intended when first tested, and generally require two or more cycles of testing before achieving certification.

ICSA studied data from their seven certification programs; anti-virus, network firewall, Web application firewall, network IPS, IPSec VPN, SSL VPNs and custom testing, which are customized testing programs designed for specific clients.

ICSA found the most common reason why a product fails during initial testing is that it doesn't adequately perform as intended. Across the seven product categories, core product functionality accounted for 78 percent of initial test failures. Examples include an anti-virus product failing to prevent infection and firewalls not filtering malicious traffic, ICSA noted in a release on the findings.

The link for this article located at CSO Online is no longer available.