Google offers app to help companies assess their vendors’ security

Google has published an interactive questionnaire that companies can use to assess the security practices of their suppliers or to review and improve their own security programs.

The Vendor Security Assessment Questionnaire (VSAQ) is a Web-based application and was released under an open-source license on GitHub. It contains a collection of questionnaires that Google itself uses to review multiple aspects of a vendor’s security.

The application has templates for Web application security, infrastructure security, physical and data center security and an organization’s overall security and privacy program. The questions cover everything from whether the vendor has processes in place for external researchers to report vulnerabilities to HTTPS implementation details and internal data handling policies.

To read this article in full or to leave a comment, please click here