SI Tested

SI Tested Program

"Demand that providers of all software — both 'shrink-wrapped' and custom — demonstrate the use of security vulnerability testing during development"
  Gartner Group  

Third-Party Testing and Reporting
Consumers are increasingly seeking assurance that the technology that runs their mission-critical business is secure and has been inspected for vulnerabilities by third-party experts, and many are holding off on purchasing and deployment decisions until this verification has been met. Many technology vendors are responding to this mandate by leveraging security as a business enabler and differentiator to improve their bottom-line revenue.

The SI Tested Program is designed for companies that need validation of testing by an independent software security expert, either for their own internal requirements or for those of a customer. It provides a credible and visible avenue for vendors to publicize that their software has been tested for security.

Key Program Components

  • Consists of two levels: SI Tested and SI Tested Plus
  • Standardized testing for ALL software application types (stand-alone/desktop, server, and enterprise) with specific testing for web applications based on OWASP, SANS, and WASC
  • Customized testing for internal or customer requirements available (requires SI Tested Plus)
  • Documentation of expert security assessment is provided in a customer-facing report and logo

Customers are issued a logo for use in application packaging, collateral and on web sites. Customers can opt to have their company and application published on the SI Tested Program Web site. This certified application list links back to the owning companies and includes product name, product version, and certification type (Desktop, Server or Enterprise).

SI Tested Plus Program
The SI Tested Plus level provides additional reporting and depth of analysis as well as a “pass” letter to complement the due diligence security testing report. Other attributes include:

SI Tested Program
The SI Tested level provides organizations with an independent security assessment using pre-defined criteria with fixed price and time bands. The deliverable is a due diligence security testing report.

For more information on the SI Tested program, call +1.978.694.1008 x24

Application Criteria & Pricing

Pricing and criteria are based on the type of application being tested:
 

Application Description
Desktop

An application that resides on a local machine and is run by a local user. It may communicate with remote components but testing only covers the local component.

Server

An application that resides on a server machine and provides services to one or more remote applications.

Enterprise

An application that consists of multiple components, at least one of which is on a client machine and one of which is on a server machine, with components communicating with each other over a network. This test category applies to client/server applications as well as web applications.

Disclaimer
The SI Tested and SI Tested Plus logos do not certify that an application is “hacker-proof” or safe from all potential threats. The dynamic nature of computer and software technology, coupled with the rapid evolution of hacking and attacking techniques, means that no system, regardless of how much security testing is performed, can be 100% secure. The SI Tested and SI Tested Plus logos are intended to provide an indication that efforts have been taken on behalf of the vendor to understand and qualify security in a specific application. The logo and associated report are valid for only the version of the application tested. Any changes to the application require additional testing to maintain the use of the logo.