Alliance between prpl Foundation and IoTSF puts ‘security by design’ at the heart of embedded computing

New collaboration to transform security of the Internet of Things

LONDON, UK – 5 December 2016 – The prpl Foundation and the IoT Security Foundation (IoTSF), two influential not-for-profit organizations working to promote security and openness in the Internet of Things (IoT), today announced that they have entered into a formal agreement to cooperate on projects that put ‘security by design’ into the IoT.  One element of the collaboration, around the IoTSF Self Certification Working Group, will be discussed tomorrow in London at the IoTSF Conference 2016 entitled Building an Internet of Trust.

”The prpl Foundation and the IoTSF share a belief that security is a fundamental requirement to the enablement and adoption of connected devices,” said Art Swift, president of the prpl Foundation.  “We are delighted to work together to advance the many aspects of IoT security to make its widespread use less risky so consumers can use the IoT to its full potential safely.”

IoTSF members will be invited to participate in the prpl Security and Virtualization Working Group which explores the application of hardware virtualization to create security by separation at the most basic level: the hardware itself.  prpl members will be invited to take part in the IoTSF’s Self Certification work which is focused on determining a comprehensive security assurance framework for firms throughout the IoT supply chain which is accessible to all and readily actionable.

“With digital and communications technologies permeating all aspects of modern life, the IoT is considered by many to be the next evolution of the Internet,” said John Moor, Managing Director of the IoT Security Foundation. “Yet there are many challenges ahead and industry must work together to agree on ethics as well as standards.  Both IoTSF and prpl agree that security must be forged into the design of embedded computing devices and therefore collaborating on joint projects and complementing each other’s work can only be viewed as a positive for society as a whole.”

Both parties will work continually to increase the span of influence and establish a “supply chain of trust” in which all IoT stakeholders can play a part towards creating a more secure IoT. This will be achieved through mutual cooperation and participating in each other’s closely aligning projects and working groups as well as industry events and activities.  The organizations have also agreed to work to a mutually agreed code of ethics based on trust and collaboration.

“As a participant in both prpl and the IoTSF, I look forward to the progress that we can help make towards securing connected devices at a time when it has never been more important,” said Majid Bemanian, Director of Networking & Storage, Segment Marketing at Imagination, who sits on the Board of Directors for the IoTSF and co-chairs the Security Group at the prpl Foundation. “As an industry, we are on the cusp of a crucial tipping point, so the time is now to leverage the power of open source and community collaboration to make security an instrumental aspect of IoT from SoC inception to full operation, rather than an afterthought.”

The IoTSF Conference 2016 will take place on Tuesday, 6th December at the IET Savoy Place in London.  Cesare Garlati, chief security strategist for the prpl Foundation will show a live demo of the prplSecurity™ Framework during the session entitled “In Silicon we Trust: How to Fix the Internet of Broken Things”; and Art Swift, president of the prpl Foundation will take part in a panel discussion called “United We Stand; Addressing the Bigger Challenges of IoT Security with Collaboration”.

About the prpl Foundation
prpl (pronounced “Purple”), is an open-source, community-driven, collaborative, non-profit foundation targeting and supporting the MIPS architecture — and open to others — with a focus on enabling next-generation datacenter-to-device portable software and virtualized architectures. prpl represents leaders in the technology industry investing in innovation in efficiency, portability and compatibility for the good of a broad community of developers, businesses and consumers. Initial domains targeted by prpl include datacenter, networking & storage, connected consumer and embedded/IoT.

Media Contacts:

Beth Smith
Eskenzi PR

prpl Foundation and CABA create important alliance to advance smart home security

Open source foundation joins forces with leading smart home and building organization

November 28, 2016 – SANTA CLARA, CA

Today, the not for profit prpl Foundation, an open-source, community-driven, collaborative, foundation with a focus on enabling next-generation datacenter-to-device portable software and virtualized architectures, announced a significant collaboration with the Continental Automated Buildings Association (CABA), an international not-for-profit industry association dedicated to the advancement of intelligent home and intelligent building technologies. The mutual alliance will see both membership groups working together on research projects and whitepapers to improve standards in smart home security.

“prpl’s alliance with CABA is an incredibly important step in the advancement of smart home technology,” said Art Swift, president of the prpl Foundation. “By collaborating with CABA’s wealth of smart home security experts and members, we will work together to provide high quality research and guidance that will push IoT industry standards to make sure that consumers are kept safe as connected device usage in their homes grows.”
Continue reading

prpl Foundation collaborating with FCC Working Group

prpl community manager Eric Schultz collaborating with Software Configurable Radio sub-group

Monday, 21 November 2016 – SANTA CLARA, CA

It was confirmed today that Eric Schultz, community manager for the not for profit prpl Foundation, the open-source, community-driven, collaborative, foundation with a focus on enabling next-generation datacenter-to-device portable software and virtualized architectures, has been collaborating with the Federal Communications Commission (FCC) Technological Advisory Council Software Configurable Radios Sub-Working Group. In this role, Schultz will help educate and guide other TAC members on how proposed FCC regulations may affect the open source community and the growth of the Internet of Things (IoT) — and explore how the various stakeholders can better work together.

According to Schultz, “It’s exciting to be able to share the viewpoints of the open source community as part of the overall effort to investigate how to strike an appropriate balance between protecting the radio spectrum from interference, while still allowing innovation and the flexible addition of features. These issues have been at the core of prpl Foundation and OpenWrt projects in which I participate.”

Continue reading

RSA Conference 2016 – A New Hardware-Based Approach to Secure the Internet of Things

Live Demo: A New Hardware-Based Approach to Secure the Internet of Things
RSA Conference 2016 – Abu Dhabi
November 16, 2016 | 11.20 – 12.10 hrs | Level 1 | Room: Etihad Ballroom 2



Quick look – This session will address four key elements that have introduced serious weaknesses into the IoT: proprietary systems, connectivity, unsigned firmware and lateral movement. Discussion will showcase a new approach to IoT security demonstrating how SoC virtualization and security through separation can address these vulnerabilities, which have already been shown to have potentially life-threatening consequences.

From hospitals dispensing life-saving drugs, to connected cars – embedded computing is transforming the way we live and work. But underlying weaknesses have introduced potentially life-threatening vulnerabilities into the Internet of Things.

Continue reading

The Internet of Things: Life-changing tech or a disaster waiting to happen?

Reposting from Tech City News NOV 02, 2016

By Cesare Garlati, chief security strategist at the prpl Foundation, an organisation working to make the IoT safer, explains how startups can get IoT security right to avoid being subjected to harm.

miraiThe Internet of Things (IoT) is exciting new territory for many startups and innovative companies looking to push boundaries and connect even the smallest devices to attempt to simplify and enhance our lives. But the security of these devices is fundamentally flawed for a number of reasons.

Continue reading

Automotive security: pen-testing is no replacement for sound product development

automotive-testingReposting from Automotive Testing Technology International

By Cesare Garlati

When it comes to testing the components of modern connected cars, of course pen-testing (penetration testing) has its place; however, it is no substitute for solid product development.

In testing, companies often operate under the notion that an identified problem can be fixed or patched. This may be true for some areas of testing, but for security, it is not sufficient. Security needs to be built-in, from the ground up. And that means starting at the hardware layer, which is seldom done today, but which is completely viable given the advancements in silicon and other connected vehicle technologies.

Continue reading