Analytics
2/5/2014
12:34 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Keeping Corrupted Tech Out Of The Global Supply Chain

Open Group launches Open Trusted Technology Provider Standard (O-TTPS) Accreditation Program

SAN FRANCISCO--(BUSINESS WIRE)--The Open Group today announces the launch of the Open Trusted Technology Provider&trade Standard (O-TTPS) Accreditation Program, one of the first accreditation programs aimed at assuring the integrity of commercial off-the-shelf (COTS) information and communication technology (ICT) products worldwide and safeguarding the global supply chain against the increasing sophistication of Cybersecurity attacks.

Intended to assure integrity in technology development and to prevent maliciously tainted and counterfeit products from entering the supply chain, the accreditation program will ensure applicants conform to the O-TTPS standard.

Companies seeking O-TTPS Accreditation - which could be component suppliers, technology providers or integrators - can choose to be accredited for conforming to the O-TTPS standard and adhering to the best practice requirements across the entire enterprise, within a specific product line or business unit or within one or more individual products.

Organizations applying to become O-TTPS accredited are then required to provide evidence of conformance to each of the O-TTPS requirements, demonstrating they have the processes in place to secure their in-house development and their supply chains across the entire COTS ICT product lifecycle, including the design, sourcing, build, fulfilment, distribution, sustainment, and disposal phases.

O-TTPS accredited organizations will then be able to identify themselves as Open Trusted Technology Providers&trade and will become part of a public registry of trusted providers who help ensure they "Build with Integrity" so their customers can "Buy with Confidence".

The Open Group is also announcing the O-TTPS Recognized Assessor Program, which assures that Recognized Assessor (companies) meet certain criteria as a third party assessor organization and that their assessors (individuals) meet an additional set of criteria and have passed the O-TTPS Assessor exam, before they can be assigned to an O-TTPS Assessment. The Open Group will operate this program, grant O-TTPS Recognized Assessor certificates and list those qualifying organizations on a public registry.

Organizations can download the O-TTPS v1.0 and the O-TTPS Accreditation Policy from the Trusted Technology Section in The Open Group Bookstore.

To learn more about becoming an accredited Open Trusted Technology Provider&trade or an O-TTPS Recognized third-party assessor visit: http://www.opengroup.org/accreditation/o-ttps.

Quotes

Edna Conway, Chief Security Officer, Global Supply Chain, Cisco Systems and Vice-Chair of The Open Group Trusted Technology Forum, said: "The robust and cross-industry method through which the O-TTPS Accreditation Policy was developed has delivered a transparent, credible process with integrity."

Andras Szakal, Vice President, Chief Technology Officer, IBM U.S. Federal IMT: said: "Secure by Design is a key tenant of the IBM secure engineering process. The Open Trusted Technology Provider&trade Standard and Accreditation Program will help guide and recognize trusted technology vendors like IBM that value Secure by Design best practices. IBM is a proud founding member of the OTTF and has successfully piloted the accreditation program. In January 2014, IBM obtained O-TTPS accreditation for the Application Infrastructure and Middleware (AIM) Software Business Division, which includes the flagship WebSphere product line."

Sally Long, Director, The Open Group Trusted Technology Forum, said: "Being able to identify accredited organizations not only benefits commercial customers and governments, it also benefits COTS ICT providers, who can identify and choose to work with accredited component suppliers – thus enabling a holistic approach that is essential to raising the bar for all constituents in the supply chain."

Notes to editors

Tainted and counterfeit products pose significant risk to organizations because altered or non-genuine products introduce the possibility of untracked malicious behavior or poor performance. Both product risks can damage customers and suppliers resulting in failed or inferior products, revenue and brand equity loss, disclosure of intellectual property, and damage to critical infrastructure. The increase in sophistication of cyber-attacks has forced technology suppliers and governments to take a more comprehensive approach to risk management as it applies to product integrity and supply chain security. Customers are now seeking assurances that their providers are following standards to mitigate the risks of tainted and counterfeit components, while providers of COTS ICT are focusing on protecting the integrity of their products and services as they move through the global supply chain.

Resources

· For more information on The Open Group Trusted Technology Forum click here.

· To view a video featuring OTTF Vice-Chair and Cisco's Chief Security Officer, Global Supply Chain, Edna Conway discussing the work of the OTTF, please click here.

About The Open Group Trusted Technology Forum (OTTF)

The Open Group Trusted Technology Forum (OTTF) leads the development of a global supply chain security program in order to provide buyers of IT products with a choice of accredited technology partners (component suppliers, providers and integrators). The Open Trusted Technology Provider&trade Standard (O-TTPS) identifies best practices for technology integrity and supply chain security. The O-TTPS Accreditation Program assures conformance to the standard, distinguishing Open Trusted Technology Providers&trade, and fostering a secure and sustainable global supply chain.

The OTTF provides a vendor-neutral environment where security, supply chain, and acquisition professionals can lead the development of industry best practices and accreditation programs, utilize The Open Group's broad reach to build global recognition for them, and network with a world-class community of experts and peers to grow professionally. We welcome the participation of all who want to influence the direction of the OTTF.

About The Open Group

The Open Group is an international vendor- and technology-neutral consortium upon which organizations rely to lead the development of IT standards and certifications, and to provide them with access to key industry peers, suppliers and best practices. The Open Group provides guidance and an open environment in order to ensure interoperability and vendor neutrality. Further information on The Open Group can be found at http://opengroup.org.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Threat Intel Today
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-3304
Published: 2014-10-30
Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.

CVE-2013-7409
Published: 2014-10-30
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.

CVE-2014-3446
Published: 2014-10-30
SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter.

CVE-2014-3584
Published: 2014-10-30
The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service.

CVE-2014-3623
Published: 2014-10-30
Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vect...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.