Dark Reading

Keeping Corrupted Tech Out Of The Global Supply Chain

Open Group launches Open Trusted Technology Provider Standard (O-TTPS) Accreditation Program

SAN FRANCISCO--(BUSINESS WIRE)--The Open Group today announces the launch of the Open Trusted Technology Provider™ Standard (O-TTPS) Accreditation Program, one of the first accreditation programs aimed at assuring the integrity of commercial off-the-shelf (COTS) information and communication technology (ICT) products worldwide and safeguarding the global supply chain against the increasing sophistication of cybersecurity attacks.

Intended to assure integrity in technology development and to prevent maliciously tainted and counterfeit products from entering the supply chain, the accreditation program will ensure applicants conform to the O-TTPS standard.

Companies seeking O-TTPS Accreditation - which could be component suppliers, technology providers or integrators - can choose to be accredited for conforming to the O-TTPS standard and adhering to the best practice requirements across the entire enterprise, within a specific product line or business unit or within one or more individual products.

Organizations applying to become O-TTPS accredited are then required to provide evidence of conformance to each of the O-TTPS requirements, demonstrating they have the processes in place to secure their in-house development and their supply chains across the entire COTS ICT product lifecycle, including the design, sourcing, build, fulfilment, distribution, sustainment, and disposal phases.

O-TTPS accredited organizations will then be able to identify themselves as Open Trusted Technology Providers™ and will become part of a public registry of trusted providers who help ensure they "Build with Integrity" so their customers can "Buy with Confidence".

The Open Group is also announcing the O-TTPS Recognized Assessor Program, which assures that Recognized Assessor (companies) meet certain criteria as a third party assessor organization and that their assessors (individuals) meet an additional set of criteria and have passed the O-TTPS Assessor exam, before they can be assigned to an O-TTPS Assessment. The Open Group will operate this program, grant O-TTPS Recognized Assessor certificates and list those qualifying organizations on a public registry.

Organizations can download the O-TTPS v1.0 and the O-TTPS Accreditation Policy from the Trusted Technology Section in The Open Group Bookstore.

To learn more about becoming an accredited Open Trusted Technology Provider™ or an O-TTPS Recognized third-party assessor visit:


Edna Conway, Chief Security Officer, Global Supply Chain, Cisco Systems and Vice-Chair of The Open Group Trusted Technology Forum, said: "The robust and cross-industry method through which the O-TTPS Accreditation Policy was developed has delivered a transparent, credible process with integrity."

Andras Szakal, Vice President, Chief Technology Officer, IBM U.S. Federal IMT, said: "Secure by Design is a key tenet of the IBM secure engineering process. The Open Trusted Technology Provider™ Standard and Accreditation Program will help guide and recognize trusted technology vendors like IBM that value Secure by Design best practices. IBM is a proud founding member of the OTTF and has successfully piloted the accreditation program. In January 2014, IBM obtained O-TTPS accreditation for the Application Infrastructure and Middleware (AIM) Software Business Division, which includes the flagship WebSphere product line."

Sally Long, Director, The Open Group Trusted Technology Forum, said: "Being able to identify accredited organizations not only benefits commercial customers and governments, it also benefits COTS ICT providers, who can identify and choose to work with accredited component suppliers – thus enabling a holistic approach that is essential to raising the bar for all constituents in the supply chain."

Notes to editors

Tainted and counterfeit products pose significant risk to organizations because altered or non-genuine products introduce the possibility of untracked malicious behavior or poor performance. Both product risks can damage customers and suppliers resulting in failed or inferior products, revenue and brand equity loss, disclosure of intellectual property, and damage to critical infrastructure. The increase in sophistication of cyber-attacks has forced technology suppliers and governments to take a more comprehensive approach to risk management as it applies to product integrity and supply chain security. Customers are now seeking assurances that their providers are following standards to mitigate the risks of tainted and counterfeit components, while providers of COTS ICT are focusing on protecting the integrity of their products and services as they move through the global supply chain.


· For more information on The Open Group Trusted Technology Forum click here.

· To view a video featuring OTTF Vice-Chair and Cisco's Chief Security Officer, Global Supply Chain, Edna Conway discussing the work of the OTTF, please click here.

About The Open Group Trusted Technology Forum (OTTF)

The Open Group Trusted Technology Forum (OTTF) leads the development of a global supply chain security program in order to provide buyers of IT products with a choice of accredited technology partners (component suppliers, providers and integrators). The Open Trusted Technology Provider™ Standard (O-TTPS) identifies best practices for technology integrity and supply chain security. The O-TTPS Accreditation Program assures conformance to the standard, distinguishing Open Trusted Technology Providers™, and fostering a secure and sustainable global supply chain.

The OTTF provides a vendor-neutral environment where security, supply chain, and acquisition professionals can lead the development of industry best practices and accreditation programs, utilize The Open Group's broad reach to build global recognition for them, and network with a world-class community of experts and peers to grow professionally. We welcome the participation of all who want to influence the direction of the OTTF.

About The Open Group

The Open Group is an international vendor- and technology-neutral consortium upon which organizations rely to lead the development of IT standards and certifications, and to provide them with access to key industry peers, suppliers and best practices. The Open Group provides guidance and an open environment in order to ensure interoperability and vendor neutrality. Further information on The Open Group can be found at
