October 17, 2023, SEATTLE, WA – IOActive, Inc., a leader in research-fueled security services, today announced its support of and participation in the newly launched Open Compute Project Foundation (OCP) Security Appraisal Framework and Enablement (S.A.F.E.) program. This framework is designed to improve the trustworthiness of devices across all data center IT infrastructure and reduce overhead cost and redundancy of device security audits.
A community-led security program, OCP S.A.F.E. was created to bring a consistency of methodology and elevated security standards to both data center providers and device manufacturers. With S.A.F.E., device manufacturers and purchasers will receive independent verification of security integrity of current and future devices, to build trust with a cost-effective approach.
S.A.F.E. is made up of a standardized device specific audit checklist, developed and open sourced by the OCP community, along with criteria for selecting third party device security review auditors, who if qualified, become designated OCP Security Review Providers (SRP). As an OCP recognized SRP, IOActive is one of the founding vendors qualified to conduct device security reviews based on the S.A.F.E. checklist.
IOActive has been involved with guiding and developing the S.A.F.E. framework from the start, and as the world’s top independent security consultancy and leader in hardware hacking, the company’s experience, and selection as an OCP SRP, enables device manufacturers to quickly and efficiently meet current and future standards – now required by the OCP community.
A consistent and mature appraisal framework will ensure that device security improves across the industry. New and specialized vendors that struggle to fund and elevate the security of their devices to meet the demands of the world’s largest cloud providers will now have one clear security standard to strive for and have clarity over which agencies to engage in validating or improving the security of their product.
“Supply chain threats are the number one threat to enterprise and cloud security,” said Gunter Ollman, CTO at IOActive. “Securing the next generation of cloud technologies against these threats, along with any other current and future attack vectors, is historically costly and fragmented. The development of S.A.F.E.., with the support of IOActive and other Security Review Providers, will make a significant impact, up-lifting product and device security across the industry.”
To learn more about S.A.F.E. and how the framework will advance the security posture of device hardware and firmware components across the supply chain, visit opencompute.org.
