Jericho Forum offers security test tool

IT security group the Jericho Forum has announced a new Self-Assessment Scheme (SAS) designed to help firms and vendors to assess the effectiveness of their security products.

The free tool (pdf) is available now and can be used to assess how well a system compares to the Jericho Forum Commandments – its 11 rules of good security design.

The scheme uses a range of probing questions that are designed to make firms properly investigate whether any particular system meets their own needs and requirements.

“The 11 Jericho Forum Commandments are adopted by many IT architects and designers throughout the industry as valuable benchmarks for measuring design concepts and solutions, while a number of end-user organisations are known to include them as part of their RFPs,” said Paul Simmonds, Jericho Forum board member.

“This new Self Assessment Scheme extends to all security vendors and customer organisations the benefits of clear measurement criteria with the goal of establishing a more secure marketplace where products are inherently secure right out of the box. This is an open invitation to the IT industry to improve security design standards.”

Jericho Forum board member and Qualys chief executive Philippe Courtot said that as more applications move into the cloud, the assessment of the level of security computing vendors provide becomes a major effort.

"The self-assessment questionnaire devised by the Jericho Forum provides a comprehensive and straightforward mechanism to start such a process," he added.

Once the assessment is completed, vendors can opt to show a badge on their packaging, proving that they have been self-assessed under the guidance of the Jericho Forum.

In a statement, the forum added, "The self-policing aspect of the scheme relies on the honesty of the submitters and the knowledge that their reputation will be damaged if their scorecard is exposed as including false claims."