Consortium To Standardize Tech Supply Chain Security

Trusted Technology Forum launched by the Open Group to help vendors mitigate risks in the manufacture, transport, and sale of hardware and software.

Where was your hardware and software -- and everything that comprises it -- sourced, and is every piece of it secure?

To give technology consumers better answers to those questions, on Wednesday the Open Group -- a vendor-neutral and technology-neutral standards consortium -- announced the formation of the Trusted Technology Forum (TTF), which aims to improve supply chain risk management and security.


Numerous private companies, as well as the Department of Defense, are founding members.

"If you are an entity purchasing hardware and software for mission-critical systems, you want to know that your supplier has reasonable practices as to how they build and maintain their products that addresses specific... supply chain risks," said Mary Ann Davidson, the chief security officer for Oracle, in a blog post.

"The supplier ought to be doing 'reasonable and prudent' practices to mitigate those risks and to be able to tell their buyers, 'here is what I did,'" she said. "Better industry practices related to supply chain risks with more transparency to buyers are both, in general, good things."

The forum's near-term goals are to promulgate supply chain best practices for reducing security risks, controlling and protecting engineering procedures, assessing individual technology providers, and safe procurement strategies. Its first release is slated to be the Trusted Technology Provider Framework (TTPF), a best practices framework designed to build on existing standards, such as Common Criteria.

According to Edna Conway, senior director of customer value chain management at Cisco, the forum and framework have the opportunity to create "a meaningful indicator of product assurance," meaning that customers would have greater guarantees about the products they purchase.

The TTF's founding members are Boeing, Carnegie Mellon SEI, CA Technologies, Cisco, HP, IBM, Kingdee, Microsoft, MITRE, NASA, Oracle, and the Department of Defense.
