Product Evaluation: 10 things you need to know when testing the bleeding edge of the information security
HexView has wrote up a short article on the process of doing product evaluations:
This article is intended to fill the gaps often overlooked by people when architecting security infrastructures. The list below is squeezed out of our experience in testing technology products.
Even though the article is not very long, it does stress out the 10 most important things, as well as the most common pitfalls.
The tip like the most is: Question every claim they make, and as simply as that, if a vendor claims his product uses 256 bytes for encryption, don’t believe it, verify it, most vendors will exaggerate, not because their technical guys are stupid, but rather because their sales force, and marketing team multiple everything by 2/5/10/20/etc