Google teamed up with several technology companies to create baseline security measures for third-party vendors, but there’s some skepticism about how effective the checklist will be.
The collaborative effort, which Google named the Minimum Viable Secure Product (MVSP), is a “vendor-neutral security baseline” designed to test the security posture of software companies and third-party vendors. The document is comprised of safety controls that address authorization, vulnerability reporting, password policies, backup protocols and patching recommendations. Salesforce, Okta and Slack assisted in the development of MVSP, among other vendors.
According to a blog post last week by Royal Hansen, vice president of security at Google, it is intended to “increase the minimum bar for security across the industry while simplifying the vetting process.”
Securing software and third-party suppliers presents many challenges, as evidenced by an uptick in supply chain attacks, including the massive one against SolarWinds last year that utilized a poisoned software update. A portion of the White House’s executive order on improving cybersecurity in May involved “enhancing the software supply…
