3 months, 5 days ago

A Shared Language for Supply Chain Security

In the world of technology, there are paradigms of language that arise organically and artificially over time. Necessity requires a shared mode of communication for ideas and as a result, descriptors, nouns, and technical designators are created and shared. The problem arises when certain words acquire a surfeit of meaning, so much so that they paradoxically become less meaningful. There are many examples of this but for our purposes, we’re going to look at “Supply Chain Security”.

3 months, 27 days ago

Solorigate: A case study for why supply chain security is critical for governments and businesses

By Jim Hietala (VP, BD and Security), Andras Szakal (VP and CTO), John Linford Security and OTTF Forum Director) – The Open Group

In potentially the most damaging cyber-supply chain attack ever, a leading IT systems management vendor became the latest hi-tech company to suffer a major cybersecurity breach with wide-reaching consequences. The malware that caused the attack has been dubbed SUNBURST by Microsoft and code-named Solorigate by FireEye, the security consulting firm that uncovered the breach after falling victim to it late last year.

After successfully infiltrating the development environment, attackers were able to observe and learn how to subvert the vendor’s development and operations pipeline. Hackers were then able to maliciously taint the vendor’s product by planting a sophisticated trojan. Once the software, which required broad systems access, was installed in customers’ environments, the attackers were able to leverage the tainted software to exfiltrate sensitive information from within an organization’s network.

8 months, 7 days ago

Open Trusted Technology Provider™ Standard (O-TTPS) Version 2.0 Update Project

The Open Group Open Trusted Technology Forum (OTTF) is pleased to announce that it is initiating a project to update the Open Trusted Technology Provider™ Standard (O-TTPS), a standard of The Open Group, Parts 1 and 2 to Version 2.0.  The O-TTPS V2.0 Update Project will seek to update Parts 1 and 2 of the O-TTPS to reflect learnings from organizations that have successfully certified products against the standards as well as the work done by government organizations in the area of supply chain security.

4 years, 3 months ago

The Open Trusted Technology Provider™ Standard (O-TTPS) – Approved as ISO/IEC 20243:2015 and the O-TTPS Certification Program

By The Open Group The increase of cybersecurity threats, along with the global nature of Information and Communication Technology (ICT), results in a threat landscape ripe for the introduction of tainted (e.g., malware-enabled or malware-capable) and counterfeit components into ICT … Continue reading

5 years, 10 months ago

Podcast: Securing Business Operations and Critical Infrastructure: Trusted Technology, Procurement Paradigms, Cyber Insurance

Following is the transcript of an Open Group discussion on ways to address supply chain risk in the information technology sector marketplace. Listen to the podcast. Find it on iTunes. Get the mobile app for iOS or Android. Sponsor: The … Continue reading

7 years, 3 months ago

New Accreditation Program – Raises the Bar for Securing Global Supply Chains

By Sally Long, Director of The Open Group Trusted Technology Forum (OTTF)™ In April 2013, The Open Group announced the release of the Open Trusted Technology Provider™ Standard (O-TTPS) 1.0 – Mitigating Maliciously Tainted and Counterfeit Products. Now we are announcing … Continue reading

8 years, 1 month ago

Developing standards to secure our global supply chain

By Sally Long, Director of The Open Group Trusted Technology Forum (OTTF)™ In a world where tainted and counterfeit products pose significant risks to organizations, we see an increasing need for a standard that protects both organizations and consumers. Altered or non-genuine products introduce the possibility of untracked malicious behavior or poor performance. These risks can damage … … Continue reading

8 years, 2 months ago

Quick Hit Thoughts from RSA Conference 2013

One of the responsibilities (and benefits) of my job is getting to go to great conferences like the RSA Security Conference which just wrapped last week. This year I was honored to be selected by the Program Committee to speak twice at the event. Both talks fit well to the Policy and Government track at the show. … Continue reading

8 years, 5 months ago

#ogChat Summary – 2013 Security Priorities

Totaling 446 tweets, yesterday’s 2013 Security Priorities Tweet Jam (#ogChat) saw a lively discussion on the future of security in 2013 and became our most successful tweet jam to date. In case you missed the conversation, here’s a recap of yesterday’s #ogChat! Continue reading

8 years, 5 months ago

Questions for the Upcoming 2013 Security Priorities Tweet Jam – Dec. 11

Last week, we announced our upcoming tweet jam on Tuesday, December 11 at 9:00 a.m. PT/12:00 p.m. ET/5:00 p.m. BST, which will examine the topic of IT security and what is in store for 2013. The discussion will be moderated by Elinor Mills, former CNET security reporter, and our panel of experts will include… Continue reading

8 years, 10 months ago

The Open Group Trusted Technology Forum is Leading the Way to Securing Global IT Supply Chains

An Open Group podcast examining the advancement of The Open Group Trusted Technology Forum (OTTF) to gain an update on the effort’s achievements, and to learn more about how technology suppliers and buyers can expect to benefit in advance of The Open G…