
Consortium Pushes Security Standards for Technology Supply Chain

A consortium of experts has published a preview of standards meant to improve the security of the global supply chain for commercial software and hardware products.


The standards are the work of The Open Group, and are supported by companies ranging from Boeing to Oracle to IBM. The document has been dubbed the Open Trusted Technology Provider Standard (O-TTPS) Snapshot. The standards are aimed at providers, suppliers and integrators, with the goal of enhancing the security of the supply chain and allowing customers to differentiate between providers who adopt the standard’s practices and those who don’t.

“With the increasing threats posed by cyberattacks worldwide, technology buyers at large enterprises and government agencies across the globe need assurance the products they source come from trusted technology suppliers and providers who have met set criteria for securing their supply chains,” said David Lounsbury, chief technology officer of The Open Group, in a statement. “Standards such as O-TTPS will have a significant impact on how organizations procure COTS ICT products over the next few years and how business is done across the global supply chain.”

According to The Open Group, globalization has brought both benefits and risks to developers of commercial off-the-shelf products. The increasing sophistication of cyber-threats has forced technology suppliers and governments to take a more comprehensive approach to security, the organization said.

According to the FBI, from November 2007 to May 2010, Customs and Border Protection and Immigration and Customs Enforcement made more than 1,300 seizures involving 5.6 million counterfeit semiconductor devices. These semiconductors are used extensively in modern products, including many used in government, military, and aerospace industries. More than 50 seized counterfeit shipments were falsely marked as military or aerospace grade devices.

“The modern supply chain depends upon a complex and interrelated network involving the movement of goods, services, funds, and information across a wide range of global participants, making it vulnerable to increasingly sophisticated cyberattacks and an ever increasing range of breaches and disruptions,” said Andras Szakal, vice president and chief technology officer, IBM U.S. Federal. “Standards like O-TTPS are critical in helping to ensure the integrity and security of data, and giving customers peace of mind.”

Based on the Snapshot, Version 1.0 of the standard is expected to be published in late 2012.
