Announcing the Vendor Security Alliance

Square Engineering
2 min readSep 14, 2016


At Square, we protect data like our business depends on it — because it does. We adhere to industry-leading standards to manage our network, secure our web and client applications, and set policies across our organization.

We believe our external partners should follow the same standards to which we ourselves adhere. We dedicate significant time and resources to vetting vendors: reviewing their policies, providing feedback, and pushing for stricter and stronger standards.

That’s why we’re excited to be a founding member of the Vendor Security Alliance, a coalition of companies that will seek to both streamline and strengthen the cybersecurity vetting process for vendors. We’re partnering with industry leaders, including Atlassian, Docker, Palantir, Uber, Airbnb, Dropbox, GoDaddy, and Twitter, to establish a single organization that can further these vendor security efforts and represent all of us in doing so. Creating and enforcing higher cybersecurity standards will benefit companies, customers, and vendors alike, as we unite to push for a stronger, more secure ecosystem.

Experts from each of the VSA’s member companies will collaborate to build a robust and comprehensive questionnaire for use in evaluating and qualifying potential vendors’ cybersecurity practices. This questionnaire will also help benchmark current practices across industries, as well as develop and spread standardized, widely-accepted cybersecurity standards.

The first questionnaire will be available to the public on October 1st, 2016. The VSA will develop a new questionnaire each year to ensure practices are evolving alongside advances in technology.

Higher cybersecurity standards make the internet a safer place for everyone. We’re excited to be a part of this important work. For more information, visit

