Risk Management with Stuart King and Duncan Hart

Oct 25 2007   6:15AM GMT

SFDC – AppExchange Certification Process

sking2 Profile: sking2


I was chatting to a techie from SalesForce.com a couple of evenings ago and questioning him about the processes in place for ensuring the security of applications posted on their AppExchange. It’s a pretty comprehensive process and one that might be useful to adapt for your own development work. The questionnaires used in the assessment process are available online here and well worth a look.

The associated spreadsheets are comprehensive enough, although I will level a couple of criticisms: they look sloppy in the way they are presented and are not easy to follow. I’d also apply weightings to the various sections and use the question responses to calculate a risk score based on the risk profile of the application in question (similar to the process used within my own organisation). For instance, for some applications, some questions might be more necessary to answer yes to than others. Because the assessment is going to potentially be used against thousands of applications, some benchmarking and scoring system could be useful – both to SFDC and to the developer.

Perhaps then SFDC could keep a league table based on assessment scores. Just a thought…
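
A sketch of the weighted scoring and league table suggested above, added as an example; it is not part of the original post or of the SFDC questionnaires. The risk profiles, section names, questions, weights and responses are all hypothetical, and the scoring formula (weighted share of "no" answers, with "n/a" excluded) is an assumption.

```python
# Constructed example: profiles, sections, questions and weights are hypothetical.
WEIGHTS = {  # section weight per application risk profile
    "handles_payment_data": {"authentication": 3, "data_storage": 5, "input_validation": 4},
    "internal_reporting": {"authentication": 2, "data_storage": 1, "input_validation": 3},
}
MANDATORY = {  # questions that must be answered "yes" for a profile
    "handles_payment_data": {("data_storage", "encrypts_sensitive_fields")},
    "internal_reporting": set(),
}

def risk_score(profile, answers):
    """answers: {section: {question: "yes" | "no" | "n/a"}}.
    Returns (score 0-100, higher is riskier; failed mandatory questions)."""
    weights, weighted_fail, total_weight, failed = WEIGHTS[profile], 0.0, 0.0, []
    for section, questions in answers.items():
        applicable = {q: a for q, a in questions.items() if a != "n/a"}
        if not applicable:
            continue  # a section with nothing applicable must not dilute the score
        noes = [q for q, a in applicable.items() if a == "no"]
        weighted_fail += weights[section] * len(noes) / len(applicable)
        total_weight += weights[section]
        failed += [(section, q) for q in noes if (section, q) in MANDATORY[profile]]
    score = round(100 * weighted_fail / total_weight, 1) if total_weight else 0.0
    return score, failed

def league_table(submissions):
    """submissions: {app: (profile, answers)}. Lowest risk first; any app that
    fails a mandatory question ranks below every app that does not."""
    rows = [(app, *risk_score(p, a)) for app, (p, a) in submissions.items()]
    return sorted(rows, key=lambda r: (bool(r[2]), r[1], r[0]))

# Constructed questionnaire responses.
ANSWERS_A = {
    "authentication": {"enforces_session_timeout": "yes", "locks_out_after_failures": "no"},
    "data_storage": {"encrypts_sensitive_fields": "yes", "purges_old_exports": "n/a"},
    "input_validation": {"escapes_output": "yes", "validates_server_side": "yes"},
}
ANSWERS_B = {
    "authentication": {"enforces_session_timeout": "yes", "locks_out_after_failures": "yes"},
    "data_storage": {"encrypts_sensitive_fields": "no", "purges_old_exports": "n/a"},
    "input_validation": {"escapes_output": "yes", "validates_server_side": "yes"},
}
SUBMISSIONS = {
    "app_a": ("handles_payment_data", ANSWERS_A),
    "app_b": ("handles_payment_data", ANSWERS_B),
    "app_c": ("internal_reporting", ANSWERS_B),
}

if __name__ == "__main__":
    for row in league_table(SUBMISSIONS):
        print(row)
```

The same set of responses scores differently under each profile, and a single "no" on a mandatory question pushes an application to the bottom of the table regardless of its numeric score.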
