Product Security
Product Security is integrated into Vertiv’s overall New Product Development and Introduction (NPDI) process to ensure all new products are developed with security in mind. All new products are expected to meet Vertiv’s SECURE requirements. These requirements have been derived from multiple industry security certifications as well as industry best practices. At different phases of new product development, security related risks are evaluated against Vertiv’s SECURE requirements, and changes are suggested or mandated depending on the level of risk. This process includes static and dynamic testing of code and binaries. Product Security is also responsible for overseeing the Vulnerability Management and Incident Response Process for vulnerabilities related to Vertiv products and services. Vulnerabilities can be reported to Product Security through our Vertiv Trust Center page at Report security concern.
VMIRP
The Vertiv Application and Product Security team always monitors vulnerabilities. Vulnerability management is the process of identifying, evaluating, treating, and reporting on security vulnerabilities.
This process includes a simple intake process for external concerns about product security, robust monitoring of software components utilized in product development, quick understanding of scope and risk with discovered vulnerabilities, immediate connection to the right leaders for swift action, and consistent process for all items.
Incident response is a structured process we use to identify and deal with product security related incidents. Response includes several stages, including preparation for incidents, detection and analysis of a security incident, containment, eradication, and full recovery, and post-incident analysis and learning.
Vertiv SECURE Requirements
The Vertiv SECURE requirements are the set of standards that all products must meet based on their risk classification. Product Security is integrated into Vertiv’s overall New Product Development and Introduction (NPDI) process to ensure all new products are developed with security in mind. All new products are expected to meet Vertiv’s SECURE requirements. These requirements have been derived from multiple industry security certifications as well as industry best practices. At different phases of new product development, security related risks are evaluated against Vertiv’s SECURE requirements, and changes are suggested or mandated depending on the level of risk. This process includes static and dynamic testing of code and binaries.
Vertiv Secure Software Development Framework
Vertiv’s Secure Software Development Framework (SSDF) is a set of secure software development practices based on established secure software development practice documents like the OWASP SAMM, NIST SSDF, MSDL and IEC 62443 4-1