When age meets certification meets new demands

Subject: When age meets certification meets new demands
From: Editor in Chief <editorialstandards -at- gmail -dot- com>
To: "techwr-l -at- lists -dot- techwr-l -dot- com >> TECHWR-L" <techwr-l -at- lists -dot- techwr-l -dot- com>
Date: Wed, 6 Mar 2013 11:12:55 -0500


This is probably two questions:

What does your company/industry do in this respect?
What do you say about it, in the docs?

The scenario is that we are in a fast-moving industry.
We develop hardware and software for cryptographic operations and for
securing all manner of transactions.

Many customers have requirements, in their own offerings to THEIR
customers, to use components with certain certifications and validations.

We submit our products for those certifications and validations, and
eventually get nice, shiny certificates proving that "the product" meets
this or that standard.

Customers can then incorporate our product and satisfy their auditors or
governments that they are compliant.

SOME of these certifications and validations take months to acquire.
SOME take years.

The problem is that the most time-consuming are also the most picky and
specific that the target product be a very specific version (hardware,
firmware version, accompanying software).

Because of this, we do not submit early versions of a new major release. We
wait until we have what we think is a rock-stable revision, that will get
through the lengthy process in one pass. Then we submit to the
testing/validation labs. So, a product might be nearing the middle of its
hardware lifetime by the time it's submitted. And it will be as much as two
years older when it comes out of the process with a validation. That's a
LONG time in electronic product years, and even in crypto security years.

So, the other half of the problem is that the industry keeps moving ahead,
and so do our products. By the time a Common Criteria certification is
ready, we are sometimes talking about EOS (end of sales), and how can we
extend it on a product that is two generations back and our suppliers might
be talking about EOS/EOL on some of the components they sell us to make it.
If there are drop-in replacements, we might be able to keep going, but if
any re-design of a seven-year-old product is required, it might require
tweaks to firmware, which might break certification.

Newer products in the same product lines have fixes and new features, and
are able to use algorithms that the industry has developed in the
intervening years that solve security problems that were not even a twinkle
in a programmers eye "back in the day". As well, newer products are
invariably much faster and able to handle much higher volumes of traffic.
Not all customers, especially new ones to the space, understand these

Does anybody else face this situation?
Do you feel the need to include any customer education of that nature in
your product docs?
If so, what do you say?

It's especially tough when different branches of a customer company serve
different industries/segments, and therefore ONE branch is bound to the
Certified product, but they see the other gang using newer versions from us
that make life easier and solve problems... if only....
The discrepancy is compounded when companies lose knowledgeable staff and
replace them with newbies, or worse, with people who have been working with
our newer products or even new products from competitors. The horror!

Again (if you read this far) how do you approach this?

(*)/ (*)
Don't go away. We'll be right back.
EPUB Webinar: Join STC Vice President Nicky Bleiel as she discusses tips for creating EPUB, the file format used for e-readers, tablets, smartphones, and more.

Learn more: http://bit.ly/12LyN2z


You are currently subscribed to TECHWR-L as archive -at- web -dot- techwr-l -dot- com -dot-

To unsubscribe send a blank email to
techwr-l-leave -at- lists -dot- techwr-l -dot- com

Send administrative questions to admin -at- techwr-l -dot- com -dot- Visit
http://www.techwhirl.com/email-discussion-groups/ for more resources and info.

Looking for articles on Technical Communications? Head over to our online magazine at http://techwhirl.com

Looking for the archived Techwr-l email discussions? Search our public email archives @ http://techwr-l.com/archives

Previous by Author: Re: Join Us for a TechWhirl Live Interview with Mike Hamilton and Jennifer White of MadCap this Wednesday at 1PM Eastern
Next by Author: Re: starting a sentence w/lower-case product name
Previous by Thread: Re: SlashDot notices documentation...
Next by Thread: Form application for Tablets

What this post helpful? Share it with friends and colleagues:

Sponsored Ads