Product Watch: Jericho Forum Offers Free Security Product Assessment Tool

'Nasty questions' to ask your security vendors

International cloud security group Jericho Forum has created a free self-assessment tool for security vendors and buyers to determine the security of their products -- namely in cloud-based environments.

The Jericho Forum's Self-Assessment Scheme is for security vendors that want to check whether their products are cloud-ready, and for prospective buyers who want to vet those products. The tool is based on the forum's 11 commandments for security, which are basically a checklist that can be used in RFPs. It asks direct questions intended to expose security flaws or potential loopholes in products, and includes a scoring process.

Vendors will be able to add a Jericho Forum "Self-Assessed" logo on their Websites, according to the Forum.

Bob West, founder and CEO of EchelonOne and a Jericho Forum board member, says he envisions the tool as an overall scorecard. "I see this as being part of a requirements document or checklist," West says. "It's looking at a particular technology and incorporating it into a broader context."

Given the self-policing nature of the tool, it relies on the honor system: "We can't make an assumption that it's 100 percent accurate," he says. "There's still an additional amount of due diligence that needs to be done [by the buyer]. But at least you know the vendor has been thinking about this."

West says the tool is "actionable" information that buyers can use and basically puts the Jericho Forum's commandments to work. While it's an ideal fit for prospective cloud computing buyers, it can also be used for the corporate enterprise environment, he says.

The tool can be downloaded here (PDF).

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights