






4. Do you have the skilled resources and knowledge base capable of matching commercial product
offerings?

Can you acquire sufficient knowledge of malware analysis, indicators of compromise, and actionable
intelligence on your own and maintain it at that same high level throughout the life of the project? Can
you build a solution to fit your use cases? Can you integrate it into any workflow? What happens if your
needs change over time?

Knowledge Transfer and Key Person Reliance

5. What should happen to your malware analysis capabilities if your primary application
developer(s) decide to leave their jobs?

Are you creating a one-of-a-kind solution with a single point of failure? Could somebody new easily
come in and pick up the pieces right away?

Licenses, Warranties and Liability

6. Are you prepared to manage all licensing requirements and restrictions yourself?

The General Public License (GPL) is the most widely used open-source software license. It allows end
users freedom to use, study, share, copy and modify the software, and grants recipients the rights of the
Free Software Definition. Derived works must be distributed under the same license terms. However,
GPL warranty disclaimers often use the language “distributed as-is with no warranty of implied
merchantability or fitness for a particular purpose.”

Integration with Larger Frameworks

7. Can you effectively integrate a home-grown solution into other applications and processes?

How will you accomplish integration with other security tools? Is there an open and published API? Are
there well-documented examples you can use or modify? How will you implement your workflows? Can
you get help when you need it?

Ongoing Maintenance and Support

8. Can you devote long-term resources to support and improve your custom-built solution to keep
pace with ever-changing threats over time?

Developers often prefer to work on new code or new solutions, and may be less enthusiastic about performing
“maintenance” or “support” tasks. Home-grown solutions often lose momentum after the initial
deployment, especially if they fail to keep pace with COTS products. Are you prepared to manage the
complete product life cycle, including obsolescence planning and eventual replacement?

Service Levels




10 Cyber Warnings E-Magazine – August 2013 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide