How would one go about finding out the security maturity of a product?
When you are on the market for a third party service there are several things to consider when evaluating the product and service provider:
How transparent is the service provider with answers to special inquiries?
How flexible is the service provider in regard to customizing the product to your needs?
Do they listen to your request and care about it, or do they just wave it off as if “yeah, we’ll look into that, I promise!” That is a possible indication of how they will react when and if you return with a security flaw with their product.
This checklist could and should be used as a questionnaire when vetting 3rd party services that you might consider using. We have added what we think is a few great questions to start with when evaluating the security maturity of a Service Providers application. To receive it, fill in the form.