18-19 November 2019, The Hotel, Brussels, Belgium

Vendor Self-Assessment—The Good, The Bad, and the Ugly

18 Nov 2019
2:00 pm

A vendor's self-assessment of the security of its IT products is in general a good idea, if it is done right. Vendors generally always do some kind of self-assessment of their products for many aspects, and security is (if at all) just one of them. The problem is that security may often conflict with other requirements like time-to-market, performance, cost, and ‘fanciness’. In this dilemma, security is quite often viewed as less important, and security problems known to the developers are ignored with the argument: we can fix this later when we have time (which quite often means never).

The presentation will cover the benefits of a ‘good’ vendor self-assessment, potential problems, and historical cases where this went wrong, with disastrous results. It will also show how a vendor self-assessment (done right) can speed up third-party assessments and thereby help to overcome problems with some of today’s third-party security evaluation schemes.