The Vendor Security Assessment Questionnaire (VSAQ) is a Web-based application and was released under an open-source license on GitHub. It contains a collection of questionnaires that Google uses to review multiple aspects of a vendor’s security. The questions cover everything from whether the vendor has processes in place for external researchers to report vulnerabilities to HTTPS implementation details and internal data handling policies. The application will provide tips and recommendations to help the reviewed organization address issues that can pose a security risk.”]