Tested by Security Innovation Program
Security Innovation helps software development companies establish a security baseline for their products and provide their customers with the confidence they need to deploy them. The program’s goal is to provide clients who wish to publicize that their applications have been tested for security vulnerabilities a credible and visible avenue in which to do so.
The Tested by Security Innovation Logo and Report
 |
Applications that meet the program requirements are awarded a logo which may be included in application packaging and displayed in collateral and on web sites. The logo tells customers that the application has been through a rigorous security testing process that has isolated and mitigated high severity vulnerabilities - and that you as the vendor are serious about the security in your products. The report can be distributed to your customers and will also be made publicly available on the program web site. |
Key Program Components
The grant of the Tested by Security Innovation logo requires the application go through a standard test plan and that the application under test did not display any significant vulnerabilities. The plan is pass/fail only and failure in any part of the plan fails the entire application.
 |
The program employs a Standardized Test Plan for major application types classified by desktop, server and enterprise. Each plan will execute attacks against fifteen (15) predefined areas using standard attack mechanisms, and the process will be consistent across each application type. |
|
|
The Tested by Security Innovation logo is granted to the application under test which did not display any significant vulnerabilities. The plan is pass/fail only and failure in any part of the plan fails the entire application. |
|
|
Each application has a unique and serialized logo specific to that application and version. Any changes made to that application requires a retest and a new serialized logo |
|
|
All applications that have been awarded the logo are published on the Program Web site. This certified application list links back to the owning companies and includes the product name, product version, and certification type. |
 |
For more information on the Tested by Security Innovation program, download our program sheet, visit the program web site or call +1.978.694.1008 x23 |
Application Criteria & Pricing
Pricing and criteria is based on the type of application being tested:
| Application | Description |
| Desktop |
An application that resides on a local machine and is run by a local user. It may communicate with remote components but testing only covers the local component. more>> |
| Server |
An application that resides on a server machine and provides services to one or more remote applications. more>> |
| Enterprise |
An application that consists of multiple components - at least one of which is on a client machine and one of which is on a server machine with components communicating with each other over a network. This test category applies to client/server applications as well as web applications. more>> |
|
|
For more information on the Tested by Security Innovation program, download our program sheet, visit the program web site or call +1.978.694.1008 x23 |
Disclaimer
The Tested by Security Innovation logo does not
certify that an application is “hacker-proof” or safe from all
potential threats. The dynamic nature of computer and software
technology coupled with the rapid evolution of hacking and attacking
techniques means that no system, regardless of how much security
testing is performed, can be 100% secure. The Tested by Security
Innovation logo
is intended to provide an indication that efforts have been taken on
behalf of the vendor to qualify security in that specific
application. The logo and associated report are valid for only the
version of the application tested, and that version is dually
documented in the Tested by Security Innovation report. Any
changes to the applications naturally require additional testing to
maintain the use of the logo.
