New Certification Strengthens BlackBerry’s Software Supply Chain and Provides Customers Another Layer of Security
BlackBerry Limited (NYSE: BB; TSX: BB) today announced it is the first business in the Americas to gain the OpenChain Security Assurance Specification, a best-in-class validation of the company’s ability to manage open-source vulnerabilities and risks as part of its software supply chain, with a view to providing a higher level of security assurance for customers.
The Linux Foundation’s OpenChain Project works to establish trust in open-source software. Use of the OpenChain Security Assurance Specification will enable BlackBerry customers to have increased confidence in the company’s ability to manage the use of open-source software across its Cybersecurity and IoT product portfolios.
“Building a more resilient and trusted software supply chain is critical to the future of secure software, and BlackBerry is proud to be a leader in this space,” said Christine Gadsby, Vice President, Product Security at BlackBerry. “We’re committed to adopting a higher standard for our software supply chain as cyberattacks grow and stringent regulatory standards come into effect.”
“Cyberattacks are increasing in frequency, severity, and sophistication. Securing software supply chains is a priority for organizations of all sizes in all industries as they look to reduce their overall business risk profile,” said Frank Dickson, Group Vice President, Security and Trust at IDC. “Protecting sensitive data is paramount in achieving this objective, particularly in the face of potential financial loss and reputational damage. Following respected third-party standards and specifications is an excellent way for organizations to communicate and demonstrate a commitment to current best practice security processes and sustainability of their approach in moving forward.”
The milestone builds on BlackBerry’s previous adoption of OpenChain ISO/IEC 5230:2020, the international standard for open-source license compliance, which defines the key elements of a quality open-source compliance program and allows companies of all sizes and sectors to adopt them.
“BlackBerry has one of the deepest commitments in the security industry to bringing increased peace of mind to enterprise and governmental organizations,” said Russ Eling, CEO, OSS Consultants, who worked with BlackBerry to gain the new accreditation. “This added certification highlights BlackBerry’s position as a trusted supply chain vendor and serves as an example for others to follow. BlackBerry was able to meet the specification through its existing policies and processes due to its long history and commitments to responsible management of open source. BlackBerry has a team of experts who have developed their practices, tooling, and operational capability to manage the vulnerabilities that arise within open-source libraries.”