Attesting to cloud security

Here's a curiousity: a cloud computing vendor information security self-assessment scheme that appears to be supported by a bunch of security companies, rather than (as I would have anticipated) a bunch of cloud service vendors keen to tick all the boxes without having to put up with some frightful auditor poking around the place.

I guess I'm feeling very cynical this evening.  The thought of vendors in an such a competitive and booming marketplace, stating their security status, even in 'an open and transparent manner', does't fill me with any more confidence than their extravagant marketing gloss.

Maybe I have totally misinterpreted it?   What do you think?