The Open Group Announces Formation of Trusted Technology Forum to Identify Best Practices for Securing the Global Technology Supply Chain

SAN FRANCISCO, Dec. 15, 2010 /PRNewswire/ -- The Open Group today announced the formation of The Open Group Trusted Technology Forum (TTF), a global standards initiative that will provide a collaborative, open environment for technology companies, customers, government and supplier organizations to create and promote guidelines for manufacturing, sourcing, and integrating trusted, secure technologies. The forum's objective is to shape global procurement strategies and best practices to help reduce threats and vulnerabilities in the global supply chain.  

The TTF is a proactive response to the changing cybersecurity threat landscape and will address the mitigation of risks potentially introduced by vulnerable supply and development processes. Founding members are Boeing, Carnegie Mellon SEI, CA Technologies, Cisco, HP, IBM, Kingdee, Microsoft, MITRE, NASA, Oracle, and U.S. Department of Defense (OUSD(AT&L)/DDR&E); the forum will operate under the stewardship of The Open Group, an international vendor- and technology-neutral standards consortium.

Initially, the TTF will release a framework that for the first time unifies in a systematic way the industry best practices that contribute to the secure and trusted development, manufacture, delivery and ongoing operation of commercial software and hardware products. The TTF's long-term objective is to develop a globally-recognized program based on open, international standards. Such a program will identify trusted technology providers and products throughout the global supply chain, enabling suppliers to innovate and build technology products with integrity and customers to buy with confidence.

Governments and enterprises that use these global standards in their technology strategy and purchasing decisions can rely on a more comprehensive approach to risk management and product assurance when selecting commercial off-the-shelf technology products. Vendors and suppliers that adhere to these practices will be able to better protect the integrity of their products and services as they move through the global supply chain.  

Leveraging its more than 20 years of experience in creating industry best practices, standards, certification and accreditation programs for global organizations in all verticals, The Open Group will provide guidance and a vendor-neutral collaborative environment for TTF members to identify industry best practices and define a globally recognized program for providers who implement the best practices.

"IBM is a founding member of The Open Group Trusted Technology Forum because building security into the critical systems of the planet requires global, multi-disciplinary and multi-sector collaboration," said Andras Szakal, IBM Distinguished Engineer and Board Member of The Open Group. "Through this collaboration, IBM and other TTF participants will identify and promote for global adoption the best practices and tools that enable technology users and suppliers alike to confidently develop, integrate, and update essential security protections within the fabric of their critical systems."

Recognizing the importance of increasing trust among manufacturers, vendors and customers, the TTF's work program will aim to:

• Identify and promote the use of supply-chain best practices to reduce security risks that may be intentionally or inadvertently introduced into the global supply chain
• Identify manufacturing practices for protecting product lifecycle and checkpoints throughout the lifecycle that mitigate risk from uncontrolled, unprotected development methods and engineering procedures
• Develop criteria for identifying trusted technology providers
• Work with the global community to develop responsible and realistic procurement strategies for mitigating supply chain risk

"The Open Group has long served as an open environment and facilitator whereby members around the world collaborate to create initiatives that drive industry standards development and certification programs," said David Lounsbury, Chief Technical Officer of The Open Group. "By forming the TTF in response to the growing need to address global cyber threats, we are fortunate to be able to draw from some of the most innovative organizations in the world as founding members and look to their leadership to grow the Trusted Technology Provider Framework and provide best practices to all industries and governments."

Industry Support for the TTF

"CA Technologies is proud to be a founder of the Trusted Technology Forum," said Tim Brown, Chief Security Architect, CA Technologies. "We recognize that the global community in which we operate needs an international, standards-based program that gives vendors confidence that the technologies in their supply chain are secure and meet the same high-standards they hold for themselves. The criteria developed by the TTF will assist buyers in their due diligence and help speed time-to-market."

"HP recognizes the importance of a trustworthy and assured secure global supply chain, and welcomes this new Open Group initiative to identify and establish best practices and strategies," said Mark Schiller, Director, Security Office, HP.

"Cisco is privileged to collaborate with the IT community reflected in the TTF to proactively address global supply chain security concerns facing us all," said Edna Conway, Sr. Director, Customer Value Chain Management, Cisco. "The TTF provides the opportunity to evolve international standards, which may be referenced by existing multi-national certification programs, such as Common Criteria, and used as a meaningful indicator of product assurance. Ultimately, improved standards keep us all accountable and allow the consumer to purchase with confidence."

"As a Platinum member and a board member of The Open Group, Kingdee Software will work with the Trusted Technology Forum to introduce global technology supply chain procurement and product development standards and frameworks into Asia via The Open Group China franchise, which is also managed by Kingdee," said Dr. Bob Chu, Chief Enterprise Architecture Expert, Kingdee Software and CTO of The Open Group China. "Kingdee will introduce the Trusted Technology Provider Framework to help global manufacturers in Asia like Lenovo, Acer, Huawei, ZTE, Haire, NTT, etc. to develop and manufacture technology products with integrity so that global customers can buy with confidence in a secure global supply chain."

"Microsoft supports the Trusted Technology Forum's goal of publishing practices that ultimately help protect end users," said Steve Lipner, Senior Director, Microsoft Trustworthy Computing.  "Our experience applying the Security Development Lifecycle to numerous Microsoft products over a period of six years has demonstrated that targeted security activities executed throughout the phases of the traditional software development life cycle and as part of a repeatable process result in security gains."

"The world is powered by information technology, yet we know little about the hardware and software that enable IT," said Mary Ann Davidson, Chief Security Officer, Oracle. "The Trusted Technology Provider Framework brings a much-needed outcomes-based, feasible and achievable focus on supply chain practices related to the software and hardware that powers critical infrastructure."

Forum Deliverables

The Open Group Trusted Technology Provider Framework (TTPF) has been in development over the past year as a project of the Acquisition Cybersecurity Initiative, a collaborative effort between government and industry verticals under the sponsorship of the U.S. Department of Defense (OUSD (AT&L)/DDR&E); and facilitated by The Open Group. The framework is intended to benefit technology buyers across all industries concerned with secure development practices and supply chain management, including government and defense, transportation, healthcare, and financial services. The first deliverable of the TTF will be the TTPF White Paper that will outline current industry best practices for manufacturing trusted technology products and will build on the highest priority areas such as supply chain integrity where action is most likely to mitigate risk with a global recognition program that identifies providers who are following the best practices.

For more information on The Open Group Trusted Technology Forum, please visit: http://www.opengroup.org/ogttf/.

About The Open Group

The Open Group is a vendor-neutral and technology-neutral consortium, which drives the creation of Boundaryless Information Flow™ that will enable access to integrated information within and between enterprises based on open standards and global interoperability. The Open Group works with customers, suppliers, consortia and other standard bodies. Its role is to capture, understand and address current and emerging requirements, establish policies and share best practices; to facilitate interoperability, develop consensus, and evolve and integrate specifications and open source technologies; to offer a comprehensive set of services to enhance the operational efficiency of consortia; and to operate the industry's premier certification service. Further information on The Open Group can be found at http://www.opengroup.org.

About CA Technologies

CA Technologies (Nasdaq: CA) is an IT management software and solutions company with expertise across all IT environments – from mainframe and distributed, to virtual and cloud. CA Technologies manages and secures IT environments and enables customers to deliver more flexible IT services. CA Technologies innovative products and services provide the insight and control essential for IT organizations to power business agility. The majority of the Global Fortune 500 relies on CA Technologies to manage evolving IT ecosystems. For additional information, visit CA Technologies at www.ca.com.

About Kingdee

Kingdee International Software Group Company Limited (www.kingdee.com) is a listed company on the Main Board of the Hong Kong Stock Exchange (Stock Code: 00268). Kingdee is a leader in the Chinese software industry, a distinguished enterprise management and middleware software provider, and an online management and e-business application solution service provider in Asia-Pacific. Kingdee's mission is to lead the advancement of the Chinese Management Model, provide enterprise management application and solutions, encourage e-business and enable customers' success. Currently, Kingdee provides ERP products, SOA middleware products, enterprise architecture and IT consulting, and information services including SaaS to over 800,000 enterprises, government agencies and education organizations in Asia. Headquartered in Shenzhen, China, Kingdee was founded on August 8, 1993. The affiliates of the Group include Kingdee Software Company (China) Ltd., which focuses on the enterprise management software market in mainland China; Kingdee Mobile Internet Technology Co. Ltd. (www.youshang.com), which provides online management and e-business services; Kingdee International Software Group Company (Hong Kong) Ltd., which targets the market of the Asia-Pacific region besides mainland China; Shenzhen Kingdee Middleware Company Ltd. (www.apusic.com), which specializes in middleware products for cloud computing and SOA.

About Microsoft

Founded in 1975, Microsoft (Nasdaq: MSFT) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.

SOURCE The Open Group