Newly launched Security Appraisal Framework and Enablement program elevates security standards for data center providers and device manufacturers
October 17, 2023, SEATTLE, WA – IOActive, Inc., the worldwide leader in research-fueled security services, today announced its support of and participation in the newly launched Open Compute Project Foundation (OCP) Security Appraisal Framework and Enablement (S.A.F.E.) program. This framework is designed to improve the trustworthiness of devices across all data center IT infrastructure and reduce overhead cost and redundancy of device security audits.
A community-led security program, OCP S.A.F.E. was created to bring a consistency of methodology and elevated security standards to both data center providers and device manufacturers. With S.A.F.E., device manufacturers and purchasers will receive independent verification of security integrity of current and future devices, to build trust with a cost-effective approach.
S.A.F.E. is made up of a standardized device specific audit checklist, developed and open sourced by the OCP community, along with criteria for selecting third party device security review auditors, who if qualified, become designated OCP Security Review Providers (SRP). As an OCP recognized SRP, IOActive is one of the founding vendors qualified to conduct device security reviews based on the S.A.F.E. checklist.
IOActive has been involved with guiding and developing the S.A.F.E. framework from the start, and as the world’s top independent security consultancy and leader in hardware hacking, the company’s experience, and selection as an OCP SRP, enables device manufacturers to quickly and efficiently meet current and future standards – now required by the OCP community.
A consistent and mature appraisal framework will ensure that device security improves across the industry. New and specialized vendors that struggle to fund and elevate the security of their devices to meet the demands of the world’s largest cloud providers will now have one clear security standard to strive for and have clarity over which agencies to engage in validating or improving the security of their product.
“Supply chain threats are the number one threat to enterprise and cloud security,” said Gunter Ollman, CTO at IOActive. “Securing the next generation of cloud technologies against these threats, along with any other current and future attack vectors, is historically costly and fragmented. The development of S.A.F.E.., with the support of IOActive and other Security Review Providers, will make a significant impact, up-lifting product and device security across the industry.”
To learn more about S.A.F.E. and how the framework will advance the security posture of device hardware and firmware components across the supply chain, visit opencompute.org.
About the Open Compute Project Foundation
At the core of the open compute project (OCP) is its community of hyperscale data center operators, joined by telecom and colocation providers and enterprise IT users, working with vendors to develop open innovations that when embedded in products are deployed from the cloud to the edge. The OCP Foundation is responsible for fostering and serving the OCP community to meet the market and shape the future, taking hyperscale led innovations to everyone. Meeting the market is accomplished through open designs and best practices, and with data center facility and IT equipment embedding OCP community developed innovations for efficiency, at-scale operations, and sustainability. Shaping the future includes investing in strategic initiatives that prepare the IT ecosystem for major changes, such as Al & ML, optics, advanced cooling techniques, and composable silicon. Learn more at opencompute.org.