TCG member OnBoard Security, which offers a Trusted Software Stack (TSS) for the TPM 2.0, has just published a useful paper on how to evaluate software security and how to develop and maintain more secure software. The paper also includes some case studies and best practices for using the TPM.
From that paper: “The process of evaluating security software is complex for several reasons. First, the technical pros and cons of the solutions you are considering may be difficult to enumerate without advice from seasoned security experts. Your organization may not have this expertise.
The solution with the lowest initial cost may have substantially higher development and support costs over the entire product life cycle. The free open-source solution may end up costing more over time than its commercial counterpart.
There could be substantial liability issues if the software you choose is compromised. There have been numerous high-profile security breaches over the past several years which have been very damaging to the affected companies. New legislation, particularly the “General Data Protection Regulation” (GDPR) in Europe, greatly increases manufacturers’ and service providers’ financial exposure if a security breach exposes their customers’ private data.
Lastly, the service model for IoT requires a resilient system so that a deployed device does not require field maintenance. If an IoT system gets “bricked” by a cyberattack, fixing it may be impossible or prohibitively expensive. Strong security and recoverability can provide powerful resilience properties to a new generation of IoT devices…”
The blog post, with a link to the paper, is here: http://blog.onboardsecurity.com/blog/setting-and-achieving-security-design-goals
Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.