Google has open sourced its Vendor Security Assessment Questionnaire (VSAQ) Framework with the hope that other companies and developers could use it to improve their vendor security programs and/or posture.
“VSAQ is an interactive questionnaire application. Its initial purpose was to support security reviews by facilitating not only the collection of information, but also the redisplay of collected data in templated form,” the company explained.
“At Google, questionnaires like the ones in this repository are used to assess the security programs of third parties. But the templates provided can be used for a variety of purposes, including doing a self-assessment of your own security program, or simply becoming familiar with issues affecting the security of web applications.”
The app contains four questionnaire templates, for assessing the security of web apps, security and privacy programs, infrastructure, and physical and data centers. The questionnaires can be modified to better fit company-specific requirements.
“The open source version of VSAQ does not require a dedicated back end. This means VSAQ can be hosted as a static application on any web server,” the company explained, and set up a demo so that companies can test the application before deploying it.