A self-assessment tool to check the effectiveness of an IT security product has been developed by the Jericho Forum.
The Self-Assessment Scheme (SAS) assesses how well a solution satisfies the requirements mandated in the Jericho Forum Commandments. The Jericho Forum claimed that the ultimate goal of the SAS is to influence IT product innovation and market forces to be security-driven instead of purely feature-driven.
The scheme applies the commandments by asking a series of pointed questions that are geared to expose a product's security flaws or loopholes. It enables vendors to differentiate their products, based on a three-tiered scoring process that assesses how well their product or solution satisfies the requirements implicit in each commandment.
A ‘passed’ product will be able to display the Jericho Forum's ‘Self-Assessed’ logo on its website and marketing materials.
Paul Simmonds, Jericho Forum board member, said: “The 11 Jericho Forum Commandments are adopted by many IT architects and designers throughout the industry as valuable benchmarks for measuring design concepts and solutions, while a number of end-user organisations are known to include them as part of their RFPs.”
“This new self assessment programme extends to all security vendors and customer organisations the benefits of clear measurement criteria with the goal of establishing a more secure marketplace where products are inherently secure right out of the box. This is an open invitation to the IT industry to improve security design standards.”
The tool was welcomed by vendors. Philippe Courtot, CEO of Qualys, said that “such an initiative will definitively help improve the necessary transparency cloud computing vendors must deliver”.
Matt Moynahan, CEO of Veracode, said: “The need for collaboration has never been greater and yet the myriad of business models and vendor offerings available to address the continuously changing threat landscape makes finding and maintaining the most appropriate risk management solution to support this need highly challenging.
“The Jericho Forum Self Assessment tool will prove to be equally valuable to both vendors and users not only during the purchasing process but also for on-going measurement. Veracode applauds the Jericho Forum for providing a compelling framework for evaluating and selecting security products and helping end-users and vendors get beyond marketing messages to the core capabilities required to solve a very significant enterprise problem.”