Security communities: working together on security and privacy

Make a contribution to more effective security and privacy in education and research.

Come to the Challenge day on 12 March

STITCH: a short checklist for application security

It is increasingly important that software and services meet security requirements. But how do you choose from all these different lists and guidelines? SCIRT, the community for cyber security, has therefore developed a simplified checklist: the Security Technical IT Checklist (STITCH).

One simple security checklist for higher education and research

Every security officer at an institution knows the problem: how do we know whether a new service or piece of software is safe? With ISO 27001 you mainly look at procedural and organizational security, but you also want to test the software or service in practice for technical security. The question then remains whether that testing can be made easier, and whether a fellow institution has already done the same. SCIRT has therefore made a simple checklist that can help with this problem.

STITCH starting points

The principle of STITCH is simple: there is a baseline with a limited number of requirements. These requirements are easy to measure, and the results are shared within SCIRT. With these baselines, security officers can determine much more quickly and easily whether a service or piece of software is safe. STITCH consists of eight principles. Each of the principles is elaborated with an example.


Sharing results

The detailed test results are shared confidentially and only within the SCIRT community. For more information, go to the SCIRT wiki (login required).