Author Archive

Dan Reddy

With 17+ years at EMC, Dan Reddy leads supply chain assurance in EMC’s Product Security Office, where he has been addressing product integrity since 2007. Dan also spent 15 years at New England Electric, an electric utility with nationally critical infrastructure.

Latest posts by Dan Reddy

Open Trusted Technology Provider Accreditation Program

How does one measure the best product-related practices that may be in place in the world of Commercial Off-the-Shelf (COTS) technology? Often, specific versions of an Information and Communication Technology (ICT) product are certified by a third-party “Lab” that can examine the state of that version in terms of meeting the security requirements for the identified scope. Some process aspects of product evaluations also come into play, such as one’s approach to handling a vulnerability found in a version of the software. The advantage of the product version approach is that if one is acquiring a specific version, then one knows that it has been specifically reviewed and evaluated. However, there are process gaps in product evaluations, which these days focus less on secure engineering practices and not yet on supply chain security.