BlackBerry has announced and formally introduced CHACE – the BlackBerry Center for High Assurance Computing Excellence. The CHACE initiative is part of BlackBerry’s R&D expansion that will hopefully unite researchers to target vulnerability prevention.
“There’s a belief that the key to the world’s security issues is to patch faster, but this hamster wheel fails to address the root issue,” said David Kleidermacher, Chief Security Officer, BlackBerry. “Systems that require regular patching always contain vulnerabilities unknown to developers, and some of these vulnerabilities are in fact known by would-be attackers. It’s clear we must build systems that are provably devoid of security flaws. The software and security engineering required to meet this objective is sadly rare today and must become commonplace. CHACE is BlackBerry’s initiative towards this goal, and we welcome all who wish to join the fight.”
Read the press release below:
April 21, 2015 15:30 ET
BlackBerry Advances Security of Mobile and Internet of Things with New High Assurance Initiative
BlackBerry’s Center for High Assurance Computing Excellence unites researchers to target vulnerability prevention
WATERLOO, ONTARIO–(Marketwired – April 21, 2015) – BlackBerry Limited (NASDAQ:BBRY)(TSX:BB), a global leader in mobile communications, today introduced the BlackBerry Center for High Assurance Computing Excellence (CHACE). The initiative expands the Company’s research and development (R&D) efforts to drive worldwide innovation and improvement in computer security.
“As the number of connected devices multiplies, so do the threats to security and privacy,” said Bob Egan, CEO, Sepharim Research Group. “Organizations need to rethink the way they approach security and transition from a reactive posture to one that is proactive and promises the greatest defense against sophisticated cyber attackers.”
The fail-then-patch approach to managing security risk has become a widely accepted practice, even as consumers and enterprises face mounting threats from cyber attackers. CHACE aims to reverse the current paradigm with the development of tools and techniques that deliver a far higher level of security protection than currently available.
BlackBerry has a long history in high assurance techniques, including rigorous automated testing, deep vulnerability and failure analysis, and formal methods to prove safety and security properties. These competencies have enabled the Company’s solutions to achieve a wide range of quality, safety, and security certifications, including:
- Approval of smartphone and Mobile Device Management (MDM) platform for use on U.S. Department of Defense classified networks
- Certification for use in vehicle systems that comply with ISO 26262, up to Automotive Safety Integrity Level D, the highest level achievable
- Compliance to IEC 62304 medical software standard and approval in life-critical medical devices
CHACE will extend BlackBerry’s state-of-the-art competencies in vulnerability prevention and enable the application of high assurance security research to real-world products and services.
“There’s a belief that the key to the world’s security issues is to patch faster, but this hamster wheel fails to address the root issue,” said David Kleidermacher, Chief Security Officer, BlackBerry. “Systems that require regular patching always contain vulnerabilities unknown to developers, and some of these vulnerabilities are in fact known by would-be attackers. It’s clear we must build systems that are provably devoid of security flaws. The software and security engineering required to meet this objective is sadly rare today and must become commonplace. CHACE is BlackBerry’s initiative towards this goal, and we welcome all who wish to join the fight.”
Key collaborators with CHACE include academic institutions as well as industry groups that share BlackBerry’s commitment to high assurance practices. For example, CHACE will collaborate with the healthcare community to address security and privacy concerns for next-generation wireless medical devices and applications.
A number of leading organizations have already expressed support for CHACE.
“Next-generation mHealth systems and Internet of Things devices, such as the artificial pancreas for people with diabetes, can dramatically improve quality of life. However, these wireless devices are inhibited from realizing their full potential by an insufficient assurance of security and privacy afforded by current commercial development practices,” said David Klonoff, M.D., President, Diabetes Technology Society and Clinical Professor of Medicine, University of California, San Francisco. “BlackBerry is assisting Diabetes Technology Society to foster the high assurance security processes and standards needed to turn promise into reality for patients with diabetes and other diseases.”
“Cybersecurity education and applied research is a priority at Cal Poly,” said Debra Larson, Ph.D., Dean, College of Engineering, Cal Poly San Luis Obispo. “The school’s new Cybersecurity Center reflects our goal to be at the forefront of preparing the next generation of engineers to ensure the safety of cyberspace in our technologically interconnected world – as well as enhance the user experience of navigating that world. BlackBerry’s Center for High Assurance Computing Excellence is creating exciting new opportunities for university and industry collaborations on this new frontier of innovation, economic activity and security.”
“Given the challenges we face in a modern society that increasingly relies on computing, I believe that establishing a research center focusing on high assurance software is timely and visionary,” said Tevfik Bultan, Professor, Department of Computer Science and Director, Computing Verification Lab (VLab), University of California, Santa Barbara. “I strongly support BlackBerry’s Center for High Assurance Computing Excellence.”
“I commend BlackBerry for its CHACE initiative, which gives participants the opportunity to collaborate on solutions that attack critical security challenges,” said Daniel Kroening, Professor of Computer Science, University of Oxford.
“BlackBerry and the University of Waterloo enjoy a strong partnership that has served as the foundation for groundbreaking research,” said Dave Dietz, Director, Engineering Research, University of Waterloo. “The BlackBerry Center for High Assurance Computing Excellence will be another avenue for us to collaborate on projects critical to secure computing and introduce new technologies to the world.”
Organizations interested in joining CHACE can sign up for more information at www.BlackBerry.com/CHACE. To learn more about BlackBerry security, visit www.BlackBerry.com/Security.