Consortium Pushes Security Standards for Technology Supply Chain

A consortium of experts has published a preview of standards meant to improve the security of the global supply chain for commercial software and hardware products.

The standards are the work of The Open Group and are supported by companies ranging from Boeing to Oracle to IBM. The document has been dubbed the Open Trusted Technology Provider Standard (O-TTPS) Snapshot. The standards are aimed at providers, suppliers and integrators, with the goal of enhancing the security of the supply chain and allowing customers to differentiate between providers who adopt the standard’s practices and those who don’t.

“With the increasing threats posed by cyberattacks worldwide, technology buyers at large enterprises and government agencies across the globe need assurance the products they source come from trusted technology suppliers and providers who have met set criteria for securing their supply chains,” said David Lounsbury, chief technology officer of The Open Group, in a statement. “Standards such as O-TTPS will have a significant impact on how organizations procure COTS ICT products over the next few years and how business is done across the global supply chain.”

According to The Open Group, globalization has brought both benefits and risks to developers of commercial off-the-shelf products. The increasing sophistication of cyber-threats has forced technology suppliers and governments to take a more comprehensive approach to security, the organization said.

According to the FBI, from November 2007 to May 2010, Customs and Border Protection and Immigration and Customs Enforcement made more than 1,300 seizures involving 5.6 million counterfeit semiconductor devices. These semiconductors are used extensively in modern products, including many used in the government, military, and aerospace industries. More than 50 seized counterfeit shipments were falsely marked as military- or aerospace-grade devices.

“The modern supply chain depends upon a complex and interrelated network involving the movement of goods, services, funds, and information across a wide range of global participants, making it vulnerable to increasingly sophisticated cyberattacks and an ever increasing range of breaches and disruptions,” said Andras Szakal, vice president and chief technology officer, IBM U.S. Federal. “Standards like O-TTPS are critical in helping to ensure the integrity and security of data, and giving customers peace of mind.”

Based on the Snapshot, Version 1.0 of the standard is expected to be published in late 2012.
