STITCH: a short checklist for application security
It is increasingly important that software and services meet security requirements. But how do you choose among all the different lists and guidelines? SCIRT, the community for cyber security, has therefore developed a simplified checklist: the Security Technical IT Checklist (STITCH).
One simple security checklist for higher education and research
Every security officer at an institution knows the problem: how do we know whether a new service or piece of software is safe? ISO 27001 mainly addresses procedural and organizational security, but you also want to test the software or service itself for technical security. That raises two questions: can such technical testing be made easier, and has a fellow institution perhaps already done it? SCIRT has therefore produced a simple checklist to help with this problem.
Starting points of STITCH
The principle of STITCH is simple: there is a baseline with a limited number of requirements. These requirements are easy to measure, and the results are shared within SCIRT. Thanks to this shared baseline, security officers can determine much more quickly and easily whether a service or piece of software is safe. STITCH consists of eight principles, each of which is elaborated with an example.
The detailed test results are shared confidentially and only within the SCIRT community. For more information, go to the SCIRT wiki (login required).