OPC UA Security Process
OPC Foundation (OPCF) is the organization behind the OPC UA standard. OPCF is responsible for the security features of OPC UA, which are key to reliable communications in industrial environments.
OPCF has established a formal process to handle security issues in the form of Security Bulletins, comprising of the following steps:
- Discuss the issue in the Security Working Group
- Rate the issue with the Common Vulnerability Scoring System (CVSS)
- Get a CVE number from MITRE
- Notify SDK vendors (Prosys OPC, Unified Automation, etc.)
- Set a timeline for publication of the issue
- Publish on the web
The currently known issues are also visible here.
Prosys OPC is committed to working on any known security issues related to the OPC UA products that we provide – and we are also working together with the OPCF to ensure the security of the OPCF Java Stack.
You will find the currently announced security issues in Prosys OPC products from the blog under the #Security tag.