Security through certified development

The recent launch of the Open Trusted Technology Provider Standard (O-TTPS) Accreditation Program by the international vendor- and technology-neutral standards and certifications consortium, Open Group, marks a new way of trying to defend users of cloud and internet services against the increasing sophistication of Cybersecurity attacks.

The program is being aimed at a broad security target, assuring the integrity of commercial off-the-shelf (COTS) information and communication technology (ICT) products worldwide and safeguarding the global supply chain.

Tainted and counterfeit products pose significant risks to organisations because altered or non-genuine products introduce the possibility of untracked malicious behavior or poor performance. Either of these can damage customers and suppliers, resulting in failed or inferior products, revenue and brand equity loss, disclosure of intellectual property, and damage to critical infrastructure.

The increase in sophistication of cyber-attacks has forced technology suppliers and governments to take a more comprehensive approach to risk management as it applies to product integrity and supply chain security.

“Being able to identify accredited organizations not only benefits commercial customers and governments, it also benefits COTS ICT providers, who can identify and choose to work with accredited component suppliers – thus enabling a holistic approach that is essential to raising the bar for all constituents in the supply chain.”

It is intended to assure users of the integrity in technology development, and to prevent maliciously tainted and counterfeit products from entering the supply chain, by using the accreditation program  to ensure applicants conform to the O-TTPS standard.

Companies seeking O-TTPS Accreditation - which could be component suppliers, technology providers or integrators - can choose to be accredited for conforming to the O-TTPS standard and adhering to the best practice requirements across the entire enterprise, within a specific product line or business unit or within one or more individual products.

Organisations applying to become O-TTPS accredited are then required to provide evidence of conformance to each of the O-TTPS requirements, demonstrating they have the processes in place to secure their in-house development and their supply chains across the entire COTS ICT product lifecycle. This will include the design, sourcing, build, fulfilment, distribution, sustainment, and disposal phases.

O-TTPS accredited organisations will then be able to identify themselves as Open Trusted Technology Providers.

They will become part of a public registry of trusted providers who help ensure they `Build with Integrity’ so their customers can `Buy with Confidence’.

The Open Group is also announcing the O-TTPS Recognised Assessor Program, which assures that Recognised Assessor (companies) meet certain criteria as a third party assessor organisation and that their assessors (individuals) meet an additional set of criteria and have passed the O-TTPS Assessor exam, before they can be assigned to an O-TTPS Assessment.

The Open Group will operate this program, grant O-TTPS Recognised Assessor certificates and list those qualifying organisations on a public registry.

Organisations can download the O-TTPS v1.0 and the O-TTPS Accreditation Policy here.

Sally Long, Director, The Open Group Trusted Technology Forum, said: “Being able to identify accredited organizations not only benefits commercial customers and governments, it also benefits COTS ICT providers, who can identify and choose to work with accredited component suppliers – thus enabling a holistic approach that is essential to raising the bar for all constituents in the supply chain.”