Here's a curiousity: a cloud computing vendor information security self-assessment scheme that appears to be supported by a bunch of security companies, rather than (as I would have anticipated) a bunch of cloud service vendors keen to tick all the boxes without having to put up with some frightful auditor poking around the place.
I guess I'm feeling very cynical this evening. The thought of vendors in an such a competitive and booming marketplace, stating their security status, even in 'an open and transparent manner', does't fill me with any more confidence than their extravagant marketing gloss.
Maybe I have totally misinterpreted it? What do you think?