Is Wingate 6 secure? Why is it not certified by any Firm?

WinGate Proxy Server and other Qbik products

Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Post a reply
trialtester2999

Is Wingate 6 secure? Why is it not certified by any Firm?

Nov 23 04 3:36 pm

Hi, we've been wondering since we have finalized our evaluation with Wingate 6.0 we haven't seen any certification of your product from any Firm or Institute which tests for quality like ICSA LABS, is wingate safe enough for Enterprise deployment say a bank or school? Is it hack-proof?
labull
  • labull
  • Posts: 710
  • Joined: Sep 06 03 1:03 am
  • Location: Washington, DC - USA

Nov 23 04 4:10 pm

Interesting question.

Describe the security you want to see.

Saying something is "Hack proof" is quite an invitation.

Larry
adrien
  • adrien
  • Posts: 5448
  • Joined: Sep 03 03 2:54 pm
  • Location: Auckland
  • Website

Nov 23 04 4:33 pm

Hi

The issue of independent certification is a sticky one, which we have considered before. With all due respect to the certification organisations, we haven't yet really seen a hugely compelling reason to seek certification. Mainly because of several drawbacks to it, namely:

a) it is expensive (you pay a fairly sizeable fee to cover the testing)
b) it is only given for one version of the software, if you develop another or put out an upgrade, you need to get it re-certified, since at any stage it is possible to introduce vulnerabilities. We frequently put out updates.
c) they can only "black-box" test the product with known tests - i.e. they can only test for what they know. They don't get the source code to analyse and look for weaknesses in.

There are of course some obvious advantages as well, but overall, from the customer's perspective these certifications are usually justified by a developer primarily in terms of marketing value.

To date for this we have relied on real world experiences by users. We have many installations in banks and other security-conscious organisations, we protect our own servers with the product, and are subjected to a multitude of attacks on a daily basis. Battle-hardening is a key to security that cannot be overlooked.

So in summary, the jury is constantly out on this topic, it is not written off forever. There may well be a time in the future where we decide the best path is to seek certification.
trialtester2999

Nov 23 04 5:06 pm

Thank you very much for your detailed reply on our concern. Rest assured that since you are very honest we are leaning towards your product, we are a sizeable bank company and we are currently evaluating at least 10 leading products on this category. See you soon.
Post a reply
Switch to full style

Powered by phpBB © phpBB Group.

phpBB Mobile / SEO by Artodia.

Board index