NSS Labs may be defunct, but its previously unreleased testing data will now see the light of day under a new testing organization created by its former CEO, Vikram Phatak.

Phatak, who left an 11-year stint at the helm of NSS Labs in 2018 after suffering a heart attack, today launched CyberRatings.org, an Austin, Texas.-based member-based organization that will generate ratings, reports, and analysis on security products and services. The new organization's first release will be product ratings based on new and unpublished NSS Labs test data for software-defined wide area network (SD-WAN) vendor offerings, and will be followed by ratings of next-generation firewall and breach prevention system products.

NSS Labs abruptly closed its doors on Oct. 15 due to what it cited as "COVID-related impacts." Privately, former employees and sources close to the company said the shutdown was due to the closure of its private equity investor, Consecutive Inc., which ultimately dried up its funding for NSS Labs. Consecutive had acquired NSS Labs for an undisclosed sum in the fall of 2019 in a move that was not publicly announced by the companies but which they later confirmed.

At the time, the privately held testing firm had shown signs of financial woes with layoffs, and several sources said the merger was a way to keep NSS Labs afloat. Jason Brvenik, who had served as CEO until its shutdown, told Dark Reading in a February interview that the deal allowed for a reorganization of the company.  

Phatak, NSS Labs' CEO from 2007 to 2018, recently acquired all of NSS Labs' testing data - including the unpublished findings - in a licensing transaction with the custodians of its assets via a liquidation process. His newly formed organization, CyberRatings.org, aims to provide a more open and inclusive source of security product assessments that also encompasses the consumer sector, he says.

CyberRatings.org will contract testing to reputable third-party testing labs, says Phatak, chairman and CEO of CyberRatings.org. "We'll focus on the ratings part [and] on information and community," he says. "Our goal is to help [people] understand how well these products work or not."

Test results alone are basically a snapshot in time, Phatak explains. "The goal of ratings is to make a forward-looking statement of what we think of the reliability of a company or product or service," he says, starting with security products but also expanding to rating managed security service providers and professional security services firms.

CyberRatings.org also will incorporate strategic information about a security firm in its ratings, such as its financial health and senior-executive hirings and departures. "All of these things go into calculating ratings," Phatak says.

Not an Island
Phatak envisions a community effort for CyberRatings.org rather than the "island" model of NSS Labs, which he admits often created an atmosphere of NSS Labs versus the security vendors. "Vendors can be part of the system being measured, but it's not 'you failed this'" with this new model, for example, he says.

NSS Labs' security-product testing infrastructure, meanwhile, is up for sale via a Silicon Valley liquidation firm. Phatak says he has no plans to purchase any of NSS Labs' testing systems, but his firm will be creating its own testing methodology for third-party testers to use as a template in their work for CyberRatings.org.

And unlike the investor-backed NSS Labs, CyberRatings.org won't be under pressure to constantly grow and increase revenue.

"This is not going to be a moneymaker," Phatak notes. "NSS Labs had a limited budget, so it had to remain narrow [in its scope]. The community is far bigger than any one organization can do, so we wanted to create that ecosystem."  

Several former NSS Labs employees have joined Phatak at the new organization, including Cathy Main, former vice president of marketing and corporate relations, who is now president of CyberRatings.org, as well as some testing analysts who had worked for the now-shuttered company.

CyberRatings.org's free community membership includes security product and services testing and rating summaries. The firm also offers higher-level memberships with more access to testing data and analysis. For example, personal membership costs $100 per year and includes detailed product rating reports.

Soon the organization plans to offer professional membership for $500 per year, small business membership for $1,000 per year, and membership for corporate and service providers for $10,000 per year.