Security at the datacenter starts in the supply chain. Today most datacenters with heterogeneous infrastructures are challenged to ensure security across multiple source trees, including firmware. To help overcome these challenges, OCP offers the Security Appraisal Framework & Enablement (S.A.F.E.) certification. This session demonstrates how an Independent BIOS Vendor (IBV) leverages the OCP S.A.F.E. framework to improve firmware security in the supply chain, including third party security reviews of ROM and Firmware images. Attendees will gain insight into the requirements applicable to firmware as source code, the short form report output published by the IBV, and the advantages for device manufacturers that adopt an OCP S.A.F.E. reviewed source tree.
