« Back to all blog posts

OPC UA Security Process

20.06.2018


OPC Foundation (OPCF) is the organisation behind the OPC UA standard. OPCF is responsible of the security features of OPC UA, which are key to reliable communications in industrial environments.

OPCF has established a formal process to handle security issues in the form of Security Bulletins, comprising of the following steps:

  1. Discuss the issue in the Security Working Group
  2. Rate the issue with Common Vulnerability Scoring System (CVSS)
  3. Get a CVE number from MITRE
  4. Notify SDK vendors (Prosys OPC, Unified Automation, etc.)
  5. Set a timeline for publication of the issue
  6. Publish in the web

The currently known issues are also visible here.

Prosys OPC is committed to working on any known security issues related to the OPC UA products that we provide - and also we are working together with the OPCF to ensure the security of the OPCF Java Stack.

You will find the currently announced security issues in Prosys OPC products from the blog under the #Security tag.

Jouni Aro

Jouni Aro

Chief Technology Officer

Email: jouni.aro@prosysopc.com

Expertise and responsibility areas: OPC & OPC UA product development, project work and customer support

Tags: OPC UA, Security

comments powered by Disqus

About Prosys

Prosys is a leading provider of professional OPC software and services with over 10 years of experience in the field. OPC and OPC UA (Unified Architecture) are communications standards used especially by industrial and high-tech companies.

Read more about us »

Newest blog posts

OPC UA Getting Real and Real-time - Report from OPC Day Finland 2018

OPC UA is getting popular in real-world installations and also going towards real-time with the latest announcements about support for field level.

Getting Started with OPC UA (Videos)

Watch the short videos to get a quick overview of how to get started with OPC UA end-user products or with development. They are represented by Jouni Aro, the CTO of Prosys OPC.

OPC UA Buffer Overflow Exploit

Security vulnerability

View all blog posts »