Welcome to the Acumen Security Blog

Archives for August 2014

And we are off to ICCC 2014!


Acumen is on its way to India to attend ICCC 2014! This is Acumen’s first conference and it is particularly special given that the venue is New Delhi, India. Acumen is in the process of becoming accredited as a CC lab under the Indian scheme and the first private sector Indian CC lab.

We are particularly stoked about being conference sponsors and having our first booth! Do stop by booth #4 to learn about Acumen and collect some cool Acumen SWAG!

We will also be presenting at the conference:

  • “Trust in the Mobile App Store – A solution by the way of Common Criteria” on September 9th, Track 3, 4:30-5pm
  • “Way Forward – Developments in Entropy Testing” on September 11th, Track 3, 10-10:30pm (Co-Presenting with Chris Brych from Oracle)

We hope you make it to these talks and ask us some interesting questions!

In the week preceding ICCC, we will also be participating in the CCUF workshop and leading the Crypto WG sessions.

It is going to be a fun-filled, high-energy two weeks of Common Criteria immersion! We hope you can make it to ICCC. If not, follow us on Twitter for live updates.

See you in New Delhi! Namaste!

Why buy a cow when you can get the milk for free?

The other day I was reading a blog post by a company I respect, Monsoon, on how they have approached sharing of product strategy guidance for free and it got me thinking about our approach at Acumen.

Like Monsoon, we are in the services industry where our customers pay us for (and hopefully are happy with) our work product, namely security certification services (consulting and evaluation). However, apart from these, we also provide guidance on certification strategy and latest developments in the certification world. Being a new company, we tend to share more openly in order to exhibit our depth of experience within the certification world. This has led us to create some pretty useful whitepapers on Suite B and FIPS 140-Next, both of which are freely available on our website.

However, reading the Monsoon blog got me thinking. Would it make sense for Acumen to create such high quality content and provide it for free even once we have established ourselves as a premier company in the certification world? Or for example, how much information should we provide when someone we haven’t worked with previously comes to us asking questions about what FIPS 140 is or what’s required for Common Criteria?

The answer I keep coming back to is, YES we should more openly share such information. We should not be the gatekeepers to an arcane set of requirements. Believe me, we can provide that service but really anybody can download a couple documents and read them. Where our value lies is our many years of experience both applying certification requirements to products for testing and working hand-in-hand with product developers to find the fastest, most efficient, and most cost-effective path to product certification. In fact our job will be easier if our customers are knowledgeable about the requirements and updates and changes that have been happening. Knowing the rules of the standard is table stakes; however, it’s the effective application of these rules that can be the difference between scoping a set of platforms for testing on two FIPS 140 certificates and scoping that same set of platforms on 5 or 7 certificates.

So, whether we have previously worked with you or not, if you have a government certification related question (or really just feel like chatting), give us a call. We’d love to get on the phone with you or sit down for a cup of coffee and chat. I mean, why pay for the cow when you can get the milk for free?