SAN FRANCISCO, Dec. 15, 2010 /PRNewswire/ -- The Open Group
today announced the formation of The Open Group Trusted Technology
Forum (TTF), a global standards initiative that will provide a
collaborative, open environment for technology companies,
customers, government and supplier organizations to create and
promote guidelines for manufacturing, sourcing, and integrating
trusted, secure technologies. The forum's objective is to shape
global procurement strategies and best practices to help reduce
threats and vulnerabilities in the global supply chain.
The TTF is a proactive response to the changing cybersecurity
threat landscape and will address the mitigation of risks
potentially introduced by vulnerable supply and development
processes. Founding members are Boeing, Carnegie Mellon SEI, CA
Technologies, Cisco, HP, IBM, Kingdee, Microsoft, MITRE, NASA,
Oracle, and U.S. Department of Defense (OUSD(AT&L)/DDR&E);
the forum will operate under the stewardship of The Open Group, an
international vendor- and technology-neutral standards
consortium.
Initially, the TTF will release a framework that for the first
time unifies in a systematic way the industry best practices that
contribute to the secure and trusted development, manufacture,
delivery and ongoing operation of commercial software and hardware
products. The TTF's long-term objective is to develop a
globally-recognized program based on open, international standards.
Such a program will identify trusted technology providers and
products throughout the global supply chain, enabling suppliers to
innovate and build technology products with integrity and customers
to buy with confidence.
Governments and enterprises that use these global standards in
their technology strategy and purchasing decisions can rely on a
more comprehensive approach to risk management and product
assurance when selecting commercial off-the-shelf technology
products. Vendors and suppliers that adhere to these practices will
be able to better protect the integrity of their products and
services as they move through the global supply chain.
Leveraging its more than 20 years of experience in creating
industry best practices, standards, certification and accreditation
programs for global organizations in all verticals, The Open Group
will provide guidance and a vendor-neutral collaborative
environment for TTF members to identify industry best practices and
define a globally recognized program for providers who implement
the best practices.
"IBM is a founding member of The Open Group Trusted Technology
Forum because building security into the critical systems of the
planet requires global, multi-disciplinary and multi-sector
collaboration," said Andras Szakal,
IBM Distinguished Engineer and Board Member of The Open Group.
"Through this collaboration, IBM and other TTF participants will
identify and promote for global adoption the best practices and
tools that enable technology users and suppliers alike to
confidently develop, integrate, and update essential security
protections within the fabric of their critical systems."
Recognizing the importance of increasing trust among
manufacturers, vendors and customers, the TTF's work program will
aim to:
- Identify and promote the use of supply-chain best practices to
reduce security risks that may be intentionally or inadvertently
introduced into the global supply chain
- Identify manufacturing practices for protecting product
lifecycle and checkpoints throughout the lifecycle that mitigate
risk from uncontrolled, unprotected development methods and
engineering procedures
- Develop criteria for identifying trusted technology
providers
- Work with the global community to develop responsible and
realistic procurement strategies for mitigating supply chain
risk
"The Open Group has long served as an open environment and
facilitator whereby members around the world collaborate to create
initiatives that drive industry standards development and
certification programs," said David
Lounsbury, Chief Technical Officer of The Open Group. "By
forming the TTF in response to the growing need to address global
cyber threats, we are fortunate to be able to draw from some of the
most innovative organizations in the world as founding members and
look to their leadership to grow the Trusted Technology Provider
Framework and provide best practices to all industries and
governments."
Industry Support for the TTF
"CA Technologies is proud to be a founder of the Trusted
Technology Forum," said Tim Brown,
Chief Security Architect, CA Technologies. "We recognize that the
global community in which we operate needs an international,
standards-based program that gives vendors confidence that the
technologies in their supply chain are secure and meet the same
high-standards they hold for themselves. The criteria developed by
the TTF will assist buyers in their due diligence and help speed
time-to-market."
"HP recognizes the importance of a trustworthy and assured
secure global supply chain, and welcomes this new Open Group
initiative to identify and establish best practices and
strategies," said Mark Schiller,
Director, Security Office, HP.
"Cisco is privileged to collaborate with the IT community
reflected in the TTF to proactively address global supply chain
security concerns facing us all," said Edna
Conway, Sr. Director, Customer Value Chain Management,
Cisco. "The TTF provides the opportunity to evolve international
standards, which may be referenced by existing multi-national
certification programs, such as Common Criteria, and used as a
meaningful indicator of product assurance. Ultimately, improved
standards keep us all accountable and allow the consumer to
purchase with confidence."
"As a Platinum member and a board member of The Open Group,
Kingdee Software will work with the Trusted Technology Forum to
introduce global technology supply chain procurement and product
development standards and frameworks into Asia via The Open Group China franchise, which
is also managed by Kingdee," said Dr. Bob
Chu, Chief Enterprise Architecture Expert, Kingdee Software
and CTO of The Open Group China. "Kingdee will introduce the
Trusted Technology Provider Framework to help global manufacturers
in Asia like Lenovo, Acer, Huawei,
ZTE, Haire, NTT, etc. to develop and manufacture technology
products with integrity so that global customers can buy with
confidence in a secure global supply chain."
"Microsoft supports the Trusted Technology Forum's goal of
publishing practices that ultimately help protect end users," said
Steve Lipner, Senior Director,
Microsoft Trustworthy Computing. "Our experience applying the
Security Development Lifecycle to numerous Microsoft products over
a period of six years has demonstrated that targeted security
activities executed throughout the phases of the traditional
software development life cycle and as part of a repeatable process
result in security gains."
"The world is powered by information technology, yet we know
little about the hardware and software that enable IT," said
Mary Ann Davidson, Chief Security
Officer, Oracle. "The Trusted Technology Provider Framework brings
a much-needed outcomes-based, feasible and achievable focus on
supply chain practices related to the software and hardware that
powers critical infrastructure."
Forum Deliverables
The Open Group Trusted Technology Provider Framework (TTPF) has
been in development over the past year as a project of the
Acquisition Cybersecurity Initiative, a collaborative effort
between government and industry verticals under the sponsorship of
the U.S. Department of Defense (OUSD (AT&L)/DDR&E); and
facilitated by The Open Group. The framework is intended to benefit
technology buyers across all industries concerned with secure
development practices and supply chain management, including
government and defense, transportation, healthcare, and financial
services. The first deliverable of the TTF will be the TTPF White
Paper that will outline current industry best practices for
manufacturing trusted technology products and will build on the
highest priority areas such as supply chain integrity where action
is most likely to mitigate risk with a global recognition program
that identifies providers who are following the best practices.
For more information on The Open Group Trusted Technology Forum,
please visit: http://www.opengroup.org/ogttf/.
About The Open Group
The Open Group is a vendor-neutral and technology-neutral
consortium, which drives the creation of Boundaryless Information
Flow™ that will enable access to integrated information within and
between enterprises based on open standards and global
interoperability. The Open Group works with customers, suppliers,
consortia and other standard bodies. Its role is to capture,
understand and address current and emerging requirements, establish
policies and share best practices; to facilitate interoperability,
develop consensus, and evolve and integrate specifications and open
source technologies; to offer a comprehensive set of services to
enhance the operational efficiency of consortia; and to operate the
industry's premier certification service. Further information on
The Open Group can be found at http://www.opengroup.org.
About CA Technologies
CA Technologies (Nasdaq: CA) is an IT management software and
solutions company with expertise across all IT environments – from
mainframe and distributed, to virtual and cloud. CA Technologies
manages and secures IT environments and enables customers to
deliver more flexible IT services. CA Technologies innovative
products and services provide the insight and control essential for
IT organizations to power business agility. The majority of
the Global Fortune 500 relies on CA Technologies to manage evolving
IT ecosystems. For additional information, visit CA
Technologies at www.ca.com.
About Kingdee
Kingdee International Software Group Company Limited
(www.kingdee.com) is a listed company on the Main Board of the Hong
Kong Stock Exchange (Stock Code: 00268). Kingdee is a leader in the
Chinese software industry, a distinguished enterprise management
and middleware software provider, and an online management and
e-business application solution service provider in Asia-Pacific. Kingdee's mission is to lead the
advancement of the Chinese Management Model, provide enterprise
management application and solutions, encourage e-business and
enable customers' success. Currently, Kingdee provides ERP
products, SOA middleware products, enterprise architecture and IT
consulting, and information services including SaaS to over 800,000
enterprises, government agencies and education organizations in
Asia. Headquartered in
Shenzhen, China, Kingdee was
founded on August 8, 1993. The
affiliates of the Group include Kingdee Software Company
(China) Ltd., which focuses on the
enterprise management software market in mainland China; Kingdee Mobile Internet Technology Co.
Ltd. (www.youshang.com), which provides online management and
e-business services; Kingdee International Software Group Company
(Hong Kong) Ltd., which targets
the market of the Asia-Pacific
region besides mainland China;
Shenzhen Kingdee Middleware Company Ltd. (www.apusic.com), which
specializes in middleware products for cloud computing and SOA.
About Microsoft
Founded in 1975, Microsoft (Nasdaq: MSFT) is the worldwide
leader in software, services and solutions that help people and
businesses realize their full potential.
SOURCE The Open Group