OPC UA Security Process
20.06.2018
OPC Foundation (OPCF) is the organisation behind the OPC UA standard. OPCF is responsible of the security features of OPC UA, which are key to reliable communications in industrial environments.
OPCF has established a formal process to handle security issues in the form of Security Bulletins, comprising of the following steps:
- Discuss the issue in the Security Working Group
- Rate the issue with Common Vulnerability Scoring System (CVSS)
- Get a CVE number from MITRE
- Notify SDK vendors (Prosys OPC, Unified Automation, etc.)
- Set a timeline for publication of the issue
- Publish in the web
The currently known issues are also visible here.
Prosys OPC is committed to working on any known security issues related to the OPC UA products that we provide - and also we are working together with the OPCF to ensure the security of the OPCF Java Stack.
You will find the currently announced security issues in Prosys OPC products from the blog under the #Security tag.
Jouni Aro
Chief Technology Officer
Email: jouni.aro@prosysopc.com
Expertise and responsibility areas: OPC & OPC UA product development, project work and customer support
About Prosys OPC Ltd
Prosys OPC is a leading provider of professional OPC software and services with over 20 years of experience in the field. OPC and OPC UA (Unified Architecture) are communications standards used especially by industrial and high-tech companies.
Newest blog posts
OPC UA PubSub to Cloud via MQTT
Detailed overview of the demo presented at the OPC Foundation booth
SimServer How To #3: Simulate data changes on a server using an OPC UA client
A two-part step-by-step tutorial on how to write data changes on an OPC UA server using an OPC UA client.
How to Succeed in the Production Analytics Project
Industry 4.0 analytics projects are going to be Significantly rising business in the next couple of years. Read how to bypass the most common cavepits and delivery projects succesfully.
