How do you handle vendor and software assessments?
-
How do you guys handle bringing in new vendors and software? Do you use questionnaires for vendors to fill out? How many questions do you ask? Who makes the final call to actually bring in these vendors or software from a security perspective?
-
@IRJ said in How do you handle vendor and software assessments?:
How do you guys handle bringing in new vendors and software? Do you use questionnaires for vendors to fill out? How many questions do you ask? Who makes the final call to actually bring in these vendors or software from a security perspective?
In my case, I do send them a list of questions. Sadly though, the BOD has generally already decided what we are going to use before I (IT) am asked.
Short of me pointing out a very bad security issue (haven't run into that yet), they'll go through with poor decisions, even if I give them better options.
-
@Dashrender said in How do you handle vendor and software assessments?:
@IRJ said in How do you handle vendor and software assessments?:
Short of me pointing out a very bad security issue (haven't run into that yet), they'll go through with poor decisions, even if I give them better options.
You've never seen a security issue with a vendor? What kind of vendors do you have?
-
@IRJ said in How do you handle vendor and software assessments?:
@Dashrender said in How do you handle vendor and software assessments?:
@IRJ said in How do you handle vendor and software assessments?:
Short of me pointing out a very bad security issue (haven't run into that yet), they'll go through with poor decisions, even if I give them better options.
You've never seen a security issue with a vendor? What kind of vendors do you have?
No, that's not what I'm saying. Since they have allowed me to ask the questions, I haven't run into a situation where they wanted us to have, say, Java or Flash to use their crap. Those are two examples where I would implore them not to use that solution and allow me to find something else.
-
@IRJ said in How do you handle vendor and software assessments?:
@Dashrender said in How do you handle vendor and software assessments?:
@IRJ said in How do you handle vendor and software assessments?:
Short of me pointing out a very bad security issue (haven't run into that yet), they'll go through with poor decisions, even if I give them better options.
You've never seen a security issue with a vendor? What kind of vendors do you have?
I have; I tried to nix the vendor. They were claiming that MD5 was still adequate protection around 2015, well after it was known not to be.
-
Here is a good solution!
https://www.mangolassi.it/topic/18935/vsaq-open-source-vendor-security-assessment