Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

10:00 AM
Connect Directly

Former NSS Labs CEO Launches New Security Testing Organization

Member-based CyberRatings.org to offer free and tiered paid access to tested security product and services ratings.

NSS Labs may be defunct, but its previously unreleased testing data will now see the light of day under a new testing organization created by its former CEO, Vikram Phatak.

Phatak, who left an 11-year stint at the helm of NSS Labs in 2018 after suffering a heart attack, today launched CyberRatings.org, an Austin, Texas.-based member-based organization that will generate ratings, reports, and analysis on security products and services. The new organization's first release will be product ratings based on new and unpublished NSS Labs test data for software-defined wide area network (SD-WAN) vendor offerings, and will be followed by ratings of next-generation firewall and breach prevention system products.

NSS Labs abruptly closed its doors on Oct. 15 due to what it cited as "COVID-related impacts." Privately, former employees and sources close to the company said the shutdown was due to the closure of its private equity investor, Consecutive Inc., which ultimately dried up its funding for NSS Labs. Consecutive had acquired NSS Labs for an undisclosed sum in the fall of 2019 in a move that was not publicly announced by the companies but which they later confirmed.

Related Content:

NSS Labs' Abrupt Shutdown Leaves Many Unanswered Questions

The Changing Face of Threat Intelligence

New on The Edge: 5 Signs Someone Might be Taking Advantage of Your Security Goodness

At the time, the privately held testing firm had shown signs of financial woes with layoffs, and several sources said the merger was a way to keep NSS Labs afloat. Jason Brvenik, who had served as CEO until its shutdown, told Dark Reading in a February interview that the deal allowed for a reorganization of the company.  

Phatak, NSS Labs' CEO from 2007 to 2018, recently acquired all of NSS Labs' testing data - including the unpublished findings - in a licensing transaction with the custodians of its assets via a liquidation process. His newly formed organization, CyberRatings.org, aims to provide a more open and inclusive source of security product assessments that also encompasses the consumer sector, he says.

CyberRatings.org will contract testing to reputable third-party testing labs, says Phatak, chairman and CEO of CyberRatings.org. "We'll focus on the ratings part [and] on information and community," he says. "Our goal is to help [people] understand how well these products work or not."

Test results alone are basically a snapshot in time, Phatak explains. "The goal of ratings is to make a forward-looking statement of what we think of the reliability of a company or product or service," he says, starting with security products but also expanding to rating managed security service providers and professional security services firms.

CyberRatings.org also will incorporate strategic information about a security firm in its ratings, such as its financial health and senior-executive hirings and departures. "All of these things go into calculating ratings," Phatak says.

Not an Island
Phatak envisions a community effort for CyberRatings.org rather than the "island" model of NSS Labs, which he admits often created an atmosphere of NSS Labs versus the security vendors. "Vendors can be part of the system being measured, but it's not 'you failed this'" with this new model, for example, he says.

NSS Labs' security-product testing infrastructure, meanwhile, is up for sale via a Silicon Valley liquidation firm. Phatak says he has no plans to purchase any of NSS Labs' testing systems, but his firm will be creating its own testing methodology for third-party testers to use as a template in their work for CyberRatings.org.

And unlike the investor-backed NSS Labs, CyberRatings.org won't be under pressure to constantly grow and increase revenue.

"This is not going to be a moneymaker," Phatak notes. "NSS Labs had a limited budget, so it had to remain narrow [in its scope]. The community is far bigger than any one organization can do, so we wanted to create that ecosystem."  

Several former NSS Labs employees have joined Phatak at the new organization, including Cathy Main, former vice president of marketing and corporate relations, who is now president of CyberRatings.org, as well as some testing analysts who had worked for the now-shuttered company.

CyberRatings.org's free community membership includes security product and services testing and rating summaries. The firm also offers higher-level memberships with more access to testing data and analysis. For example, personal membership costs $100 per year and includes detailed product rating reports.

Soon the organization plans to offer professional membership for $500 per year, small business membership for $1,000 per year, and membership for corporate and service providers for $10,000 per year.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Vulnerability Management Has a Data Problem
Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan Cyber,  1/14/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This is not what I meant by "I would like to share some desk space"
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-01-21
Possible memory out of bound issue during music playback when an incorrect bit stream content is copied into array without checking the length of array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobi...
PUBLISHED: 2021-01-21
Local privilege escalation in admin services in Windows environment can occur due to an arbitrary read issue in XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
PUBLISHED: 2021-01-21
Possible out of bound memory access in audio due to integer underflow while processing modified contents in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon We...
PUBLISHED: 2021-01-21
Memory corruption while calculating L2CAP packet length in reassembly logic when remote sends more data than expected in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Weara...
PUBLISHED: 2021-01-21
Arbitrary read and write to kernel addresses by temporarily overwriting ring buffer pointer and creating a race condition. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon ...