
2022 CC Statistics report: will this year beat last year's record number of certifications?

CC Scraper is a tool developed by jtsec 5 years ago that automatically analyses information from the CC and CB portals using OCR capabilities and other features. It provides detailed insights about Common Criteria, such as certifications per assurance level, trends by Protection Profile and rankings of manufacturers, among others. We have published free annual reports on this data. In last year’s edition, we presented the statistics for 2021, the year with the most Common Criteria certifications in history. Would you like to know the data for the first three quarters of 2022? Will this year beat last year’s record number of certifications? Which labs and vendors will be at the top? This presentation shows Common Criteria data for a year that has unfolded against a backdrop of global uncertainty and instability.

Contents
• CC data collection with CCScraper
• CC statistics for 2022
• CC statistics for 5 years
• Conclusions
About me
• José Manuel Pulido:
  • Lead Cybersecurity Consultant and Senior Cybersecurity Evaluator at jtsec
  • Common Criteria expert
  • CCToolbox developer
  • More than 10 years of experience in cybersecurity technologies
  • Speaker at several conferences including ICCC20 and ICCC21
About us
• Cybersecurity evaluation & consultancy services
• Common Criteria, LINCE and ETSI EN 303 645 accredited lab.
• Developers of the most powerful tool for Common Criteria, CCToolbox.
• Involved in standardization activities (ISO, CEN/CENELEC, ISCI WGs, ENISA CSA WGs, CCUF, CMUF, ERNCIP, …)
• Members of the SCCG (Stakeholder Cybersecurity Certification Group)
What is CCScraper
• Web scraper written in Python. Created in 2018 by jtsec.
• CCScraper collects data about certified products from commoncriteriaportal.org and from the websites of the Certification Bodies.
• Tons of interesting data collected: date of certification, EAL, PP, Product Category, certification lab, etc. and even SFRs used or technical terms in the ST!
• Data is interpreted and organized / merged into a list of unique certified products. We generate the statistics from that data.
• We don’t generate statistics of site certifications (yet).
CCScraper history
• CCScraper v1.0 was first presented here at the ICCC in 2018.
  • Only data from commoncriteriaportal.org was collected.
• CCScraper v2.0 was presented at ICCC 2019.
  • Main feature: add information from CB websites and merge it into unique products.
• CCScraper v2.1 was presented at ICCC 2020, mainly with efficiency improvements and email alerts.
• CCScraper v2.2 was presented at ICCC 2021, with improvements in CB website parsers and detection of false duplicates.
• This year we present CCScraper v2.3 with some upgrades for ICCC 2021.
  • Stability improvements parsing the NIAP website.
  • German language support in parsing the BSI website.
  • The IPA scraper was completely rewritten due to changes in the website.
Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...
 
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdfIntroducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
 
In sharing we trust. Taking advantage of a diverse consortium to build a tran...
In sharing we trust. Taking advantage of a diverse consortium to build a tran...In sharing we trust. Taking advantage of a diverse consortium to build a tran...
In sharing we trust. Taking advantage of a diverse consortium to build a tran...
 
My sample product research idea for you!
My sample product research idea for you!My sample product research idea for you!
My sample product research idea for you!
 

2022 CC Statistics report: will this year beat last year's record number of certifications?

  • 2. Contents
      • CC data collection with CCScraper
      • CC statistics for 2022
      • CC Statistics for 5 years
      • Conclusions
  • 3. About me
      • José Manuel Pulido:
          • Lead Cybersecurity Consultant and Senior Cybersecurity Evaluator at jtsec
          • Common Criteria expert
          • CCToolbox developer
          • More than 10 years of experience in cybersecurity technologies
          • Speaker at several conferences including ICCC20 and ICCC21
    About us
      • Cybersecurity evaluation & consultancy services
      • Common Criteria, LINCE and ETSI EN 303 645 accredited lab.
      • Developers of the most powerful tool for Common Criteria, CCToolbox.
      • Involved in standardization activities (ISO, CEN/CENELEC, ISCI WGs, ENISA CSA WGs, CCUF, CMUF, ERNCIP, …)
      • Members of the SCCG (Stakeholder Cybersecurity Certification Group)
  • 5. What is CCScraper
      • Web scraper written in Python. Created in 2018 by jtsec.
      • CCScraper collects data about certified products from commoncriteriaportal.org and from the websites of the Certification Bodies.
      • Tons of interesting data collected: date of certification, EAL, PP, Product Category, certification lab, etc. and even SFRs used or technical terms in the ST!
      • Data is interpreted and organized / merged into a list of unique certified products. We generate the statistics from that data.
      • We don’t generate statistics of site certifications (yet).
  • 6. CCScraper history
      • CCScraper v1.0 was first presented here in the ICCC in 2018.
          • Only data from commoncriteriaportal.org was collected.
      • CCScraper v2.0 was presented in ICCC 2019.
          • Main feature: add information from CB websites and merge into unique products
      • CCScraper v2.1 was presented in ICCC 2020, with mainly efficiency improvements and email alerts.
      • CCScraper v2.2 was presented in ICCC 2021, with improvements in CB website parsers and detection of false duplicates.
      • This year we present CCScraper v2.3 with some upgrades for ICCC 2021.
          • Stability improvements parsing NIAP website.
          • German language support in parsing BSI website.
          • IPA scraper was completely rewritten due to changes in the website.
  • 7. CCScraper reports
      • With the statistics generated, we publish CC statistics reports in jtsec webpage, at least once per year.
          • https://www.jtsec.es/blog-entry/44/common-criteria-statistics-report-for-2019
          • https://www.jtsec.es/blog-entry/85/common-criteria-statistics-report-for-2020
          • https://www.jtsec.es/blog-entry/106/common-criteria-statistics-report-for-2021
  • 9. Statistics – 2022 (9 months)
      • 196 products certified during 2022 (data until 30/09/2022)
      • Chart, certifications per quarter: 2022 Q1: 77; 2022 Q2: 64; 2022 Q3: 55
  • 10. Statistics – 2022 (9 months)
      • Top certifier schemes in 2022
      • Chart, certifications per scheme: FR 44, NL 36, JP 28, DE 20, US 18, SE 14, ES 12, IT 6, CA 5, SG 5, KR 4, AU 2, IN 1, NO 1
  • 11. Statistics – 2022 (9 months)
      • The top 2 schemes add up to 40% of the certifications!
      • Chart, share of certifications per scheme: FR 22%, NL 18%, JP 14%, DE 10%, US 9%, SE 7%, ES 6%, IT 3%, CA 3%, SG 3%, KR 2%, AU 1%, IN 1%, NO 1%
  • 12. Statistics – 2022 (9 months)
      • Certified products compliance in 2022
      • Pie chart: EAL1 1.03%, EAL2 10.31%, EAL3 7.73%, EAL4 29.38%, EAL5 12.89%, EAL6 9.79%, PP 28.87%
      • Bar chart, certifications per quarter (EAL1, EAL2, EAL3, EAL4, EAL5, EAL6, EAL7, PP):
          • 2022 Q1: 1, 12, 7, 21, 12, 2, 0, 22
          • 2022 Q2: 1, 6, 4, 21, 9, 7, 0, 15
          • 2022 Q3: 0, 2, 4, 15, 4, 10, 0, 19
  • 13. Statistics – 2022 (9 months)
      • Product assurance level per country during 2022
      • Chart, Assurance Level Per Country (EAL1, EAL2, EAL3, EAL4, EAL5, EAL6, EAL7, PP):
          • JP: 0, 4, 0, 0, 0, 0, 0, 24
          • US: 0, 0, 0, 0, 0, 0, 0, 18
          • DE: 0, 0, 5, 8, 0, 7, 0, 0
          • FR: 0, 2, 3, 18, 15, 6, 0, 0
          • ES: 0, 3, 1, 6, 2, 0, 0, 0
          • Others: 2, 8, 4, 4, 0, 0, 0, 14
          • NL: 0, 2, 2, 17, 8, 6, 0, 0
  • 14. Statistics – 2022 (9 months)
      • Top 10 Laboratories (2022)
      • Chart, certifications per laboratory: DEKRA (ES) 6, GOSSAMER (US) 7, APPLUS (ES) 7, ATSEC (*) 13, ITSC (JP) 14, TÜV (DE/JP) 14, ECSEC 14, SERMA (FR) 15, CEA - LETI (FR) 24, BRIGHTSIGHT (*) 34
  • 15. Statistics – 2022 (9 months)
      • Protection Profile certifications
      • Pie chart: With PP 81%, Without PP 19%
      • Bar chart, Certifications with Protection Profiles in 2022: Security IC Platform Protection Profile 28.10%, Protection Profile for Hardcopy Devices 35.29%, Protection Profile for Network Devices 32.68%, Machine Readable Travel Document 11.76%
  • 16. Statistics – 2022 (9 months)
      • PP and cPP compliant certifications in 2022
      • Pie chart, Collaborative PPs vs Non-Collaborative PPs: Collaborative PPs 44%, Non-Collaborative PPs 56%
      • Pie chart, Certifications using CPPs: Network Devices 67%, Stateful Traffic Filter Firewalls 15%, Full Drive Encryption 3%, Network Devices + Stateful Traffic Filter Firewalls 15%
  • 17. Statistics – 2022 (9 months)
      • Top 5 manufacturers of certified products (2022)
      • Chart, certifications per manufacturer: 14, 12, 11, 11, 10; ranking changes: =, +1, New, -2, New
  • 18. Statistics – 2022 (9 months)
      • Top product categories (2022) and their evolution
      • Pie chart: ICs, Smart Cards and Smart Card-Related Devices and Systems 42%; Other Devices and Systems 14%; Network and Network-Related Devices and Systems 13%; Multi-Function Devices 22%; Data Protection 4%; Boundary Protection Devices and Systems 4%; Operating Systems 1%
  • 19. Statistics – Higher EAL manufacturers
      • Manufacturers and categories that obtained EAL6
      • Chart, EAL6 certifications per manufacturer: Giesecke+Devrient Mobile Security GmbH 1; CEC Huada Electronic Design Co., Ltd. 1; THALES 1; STMicroelectronics 2; NXP Semiconductors Germany GmbH 4; SAMSUNG ELECTRONICS INC. 5; Infineon Technologies AG 6
  • 20. Statistics – 2022 (9 months)
      • Products uploaded to CC Portal vs products only in CB websites
      • Chart, Product publication sites: Total CCPortal + CBs 196; CCPortal 157; CB websites only 39
  • 22. Statistics – 5 years trend
      • Number of certifications in the last 5 years
      • Will 2022 be the worst year of the last five?
      • Chart, certifications per year (2018 to 2022): 337, 339, 363, 344, 196
  • 23. Statistics – 5 years trend
      • Compliance with EAL or PP of certified products (5 year)
      • Pie chart: EAL1 1.00%, EAL2 8.77%, EAL3 4.42%, EAL4 19.97%, EAL5 20.90%, EAL6 8.84%, EAL7 0.21%, PP 35.88%
  • 24. Statistics – 5 year trend
      • Certifications per country scheme in the last 5 years
      • Pie chart: FR 22%, US 20%, DE 10%, CA 3%, JP 12%, ES 3%, NL 14%, SE 6%, NO 1%, KR 3%, MY 1%, TR 1%, IT 2%, SG 1%
  • 25. Statistics – 5 year trend
      • Evolution of top 5 laboratories
      • Chart, certifications per year (BRIGHTSIGHT (*), CEA - LETI (FR), TÜV (DE/JP), SERMA (FR), GOSSAMER (US)):
          • 2018: 14, 44, 27, 24, 32
          • 2019: 22, 18, 20, 28, 23
          • 2020: 51, 32, 27, 22, 28
          • 2021: 56, 33, 35, 18, 16
          • 2022: 34, 24, 14, 15, 7
  • 26. Statistics – 5 year trend
      • Evolution of top product categories (five years)
      • Chart, certifications per category (2018, 2019, 2020, 2021, 2022):
          • Boundary Protection Devices and Systems: 2, 12, 10, 8, 7
          • Data protection: 9, 13, 17, 8, 7
          • ICs, Smart Cards and Smart Card-Related Devices and Systems: 120, 95, 144, 134, 68
          • Mobility: 4, 11, 8, 11, 8
          • Multi-Function Devices: 38, 50, 47, 59, 36
          • Network and Network-Related Devices and Systems: 34, 24, 23, 48, 21
          • Products for Digital Signatures: 7, 10, 8, 11, 10
  • 28. Pessimistic global numbers and changes in top 10
      • 2022 will probably end with much lower numbers than 2021 (286 by ICCC21, 344 at the end of the year)
      • The top certifying schemes: US had the biggest drop; other countries have slightly lower numbers than in 2021.
      • Except for the #1 lab, there have been many variations within the top 10 of laboratories. 2 French labs are back in the top 3.
      • Smartcards and Hardcopy devices were the most certified categories.
      • Almost all of the top 5 vendors are smartcard and Security IC vendors. Several ICs were certified using EAL6+.
  • 29. Why has the number of certifications dropped?
      • Rise of other certifications in Europe
          • National lightweight certifications are swifter;
          • Vendors waiting for EUCC to be a reality.
      • The industry trend is cloud-based. Cloud vendors demand certifications.
      • The shadow of the COVID pandemic: developments started in 2020/21 were certified in 2021/22; however, other products were never finished due to the pandemic.
      • 2022 will be a negative year, after two remarkable ones.
  • 30. Contact
      • jtsec Beyond IT Security
      • Granada & Madrid – Spain
      • hello@jtsec.es
      • @jtsecES
      • www.jtsec.es
      • “Any fool can make something complicated. It takes a genius to make it simple.” Woody Guthrie

Editor's Notes

  1. Hello ICCC 22. My name is Jose Pulido, and today I am here to present to you the statistics of the Common Criteria certification industry of the current year. I am very happy to be a speaker one more year in this Common Criteria Conference; it’s an honor, so thanks a lot for having me here.
  2. In this presentation, we’ll first speak about the CCScraper tool, that we use to collect data about CC certifications. And then we will see and analyze statistics from the current year and from the last five years. Finally, after showing the numbers, we will analyze them and will try to draw conclusions in order to explain the yearly numbers.
  3. Let me briefly present myself: I’m José Manuel Pulido, currently Lead Cybersecurity Consultant at jtsec. I have been involved in the Common Criteria, cybersecurity in general and development of tools for CC professionals for several years. And I also have participated in various conferences, this being my third year in ICCC. The statistics that I will present to you today, and the tools used to create them are elaborated in jtsec, an accredited CC laboratory, deeply involved in various standardization groups related to cybersecurity certification as you can see in this slide. If you want to know more about us, you are welcome to check this slide or the jtsec website after the talk if you want to know more about us.
  4. Let’s start with a brief presentation of the CCScraper tool.
  5. CCScraper is a script written in the Python language that collects data from two principal sources: The main source is the list of certified products in commoncriteriaportal.org. The second source is each of the websites of each National Certification Body, that produces and publishes Common Criteria certificates. From these two sources, the scraper collects and gathers all the relevant data for each certified product: date of certification, assurance level, Protection Profile, product category, certification laboratory… and much more. The data is interpreted and put together into a list of unique certified products. From this data, we are able to generate several statistics. Today we will look at and analyze some interesting ones.
  6. The first version of CCScraper was first presented here in the ICCC in 2018. We were very excited then to share the result of this work with the CC community… and I think we didn’t disappoint them. The second version was presented in ICCC 2019 and it incorporated a new powerful feature: it started to collect data from websites of National Certification Bodies, and correlated it with the data from commoncriteriaportal.org. Since then, statistics are much more complete and reliable. In 2020 and 2021 we presented minor versions that included efficiency improvements and stability fixes. Almost every year we need to update the scraper due to changes in the structure of the Certification Body websites. This year, we present CCScraper version “TWO DOT THREE”, with stability fixes in order to be able to parse the NIAP site, and also support for German-language texts in the BSI website. Regarding the Japanese CB website, there were many changes in the structure, so we had to completely rewrite the scraper code for this site.
  7. As always, we are glad to remind you that the statistics generated thanks to CCScraper are put together into a report, at least once a year. We regularly publish it in the jtsec blog, so, please, feel free to check it and download the statistics for every year. For 2022, we’ll publish the final report with the statistics of the full year at the beginning of the next year. So, please, stay tuned!
  8. Now, let’s present the statistics that we created from the data collected by CCScraper this year.
  9. CCScraper was run on the 30th (thirtieth) of September of this year. Therefore, the data collected and used for these statistics corresponds to the three first quarters of 2022. The total number of certifications during 2022 until the end of September has been one hundred and ninety six. The number of certifications has been decreasing as the quarters of the year have progressed. The same chart in 2021 (at the end of September) showed 286 (two hundred and eighty six) certifications in the three first quarters, this is, ninety less certifications compared to last year. So, the first thing that we can observe is a huge difference and much lower numbers in comparison with last year.
  10. BIG DROP FOR THE US COMPARED TO LAST YEAR. One of the most valuable statistics that we have been able to collect using CCScraper is the ranking of certifications per scheme during 2022. The numbers indicate that France is the champion with 44 certifications. Netherlands is in the second place, repeating last year’s position with 36. Japan rose to be in the top-3 with 28 certifications, last year was in the fifth place. Japan has increased 11 positions in the last two years. Germany falls one position, missing out on the podium. US is for the first time out of the podium, dropping to the fifth place. Sweden and Spain have risen one position compared to last year. For Spain, we hope that at the end of the year, jtsec will be in the list of labs that contribute to the statistic. Then, with less than TEN certifications we find Italy, Korea, Malaysia, Australia, Turkey and India, Singapore, and, surprisingly, Canada.
  11. If we look at the percentage of certifications per scheme, the top two certifying schemes (Netherlands and France) are quite far from the rest and occupy forty per cent of the total number of certifications. If we add Japan, the bronze medal this year, the top three add up to 54% (fifty four percent) of the total statistic. Other countries like Germany, US, Sweden are following with some distance. Spain is in the number 7. We are happy about this statistic, because it surpasses countries such as Italy or Canada and is close to countries such as Sweden, historically more prominent.
  12. If we take a look at the relative number of certifications for each assurance level or Protection Profile compliant certifications, PP-compliant certifications used to be the most common case in previous years, but this year EAL 4 has surpassed it. This year just 56 (fifty six) certifications have been done under a PP and 139 (one hundred and thirty nine) under an EAL. The main reason we believe this change has occurred is because of the significant decline in certifications in the US and Canada, the main countries where PPs are used. Regarding EALs, EAL 4 with fifty seven (57) is the most used one, followed by EAL 5, with 25 (twenty five), and EAL6 with 19. As we can see, high assurance levels (EAL 4 to EAL 7) have predominated this year. In lower assurance, EAL2 was the most common, with 20 certifications. EAL1, this year, has just 2 certifications. There are no products certified with EAL 7 during this year.
  13. This particular statistic shows which assurance levels were the most used in the top certifying countries. We see a big change this year: usually United States is the country that certifies more products using PP-compliant evaluations. This year, Japan has taken the lead. Later in this presentation, we’ll see why. US continues to use exclusively NIAP PPs, as it is mandatory for this scheme. In high assurance certifications, France is in the top #1 counting from EAL4 to EAL6 with 39 certifications. Netherlands had also good numbers in high assurance certifications with 31 and Germany is quite far with 15. The reason is the same as almost every year: the consolidated industry of smartcard and secure IC certifications, which keep growing. This year we also see several EAL6 certifications, due to Smartcards and ICs being certified using PP0084 augmented to EAL6.
  14. If we take a look at the top 10 laboratories in 2022, Brightsight has been the laboratory with the highest number of certifications performed, with thirty four, repeating the first place this year. It is followed so far by CEA-Leti, with 24 certifications. The bronze medal is for SERMA with 15 certifications. The contribution of French labs this year has been outstanding. With 14 certifications we can find ECSEC, TUV and ITSC. After them, we can find ATSEC, APPLUS, Gossamer and DEKRA. It is nice to see two Spanish labs in the top ten.
  15. These charts show that the vast majority of the certifications this year were protection profile-compliant, exactly eighty one percent, 7 per cent more than last year. We can definitively say that use of PPs has settled in the certification industry and it seems that this trend is here to stay. In the chart on the right, you will find the most used protection profiles in 2022. The most used PP during this year was the collaborative Protection Profile for Hardcopy Devices with more than thirty two per cent. If you were wondering why Japan had so many certifications this year… this is due to a high number of certifications to hardcopy devices such as multifunction printers. Very close, in the third place, we can find Protection Profile for Network Devices, which is very popular every year. The Security IC Platform Protection Profile goes down to the third place with more than twenty eight per cent, still it is the most used for high-assurance certifications. The Protection Profile for the Machine Readable Travel Document is one more year in the top four, as usual.
  16. We also collected information about the use of collaborative protection profiles. In 2022, 44% of the Protection Profiles used were collaborative PPs. If we take a look at the second pie chart, we will see which cPPs have been the most used ones. The winner is of course the cPP for Network devices, with a huge difference over the second. This cPP, as most years, is the most popular. The second one is the Stateful Traffic Filter Firewalls cPP with fifteen percent, tied up with Network devices + Stateful Traffic Filter Firewalls. The Full Drive Encryption reached only a 3% this year.
  17. And this year, of course, we also have the ranking of the top 5 manufacturers of Common Criteria certified products. We have to congratulate the winners again. The first position belongs to Thales, which was out of the podium last year. They are in the top #1 with 14 certifications. NXP is the second, following with 12 certifications, one more than the previous year. Samsung goes down two positions and ties with Infineon with 11 certifications. Huawei comes up this year on the top 5 with 10 certifications. 3 out of five vendors repeated in the top five this year. IDEMIA (the fifth one last year) and CISCO (second place last year) are in 2022 out of the top 5. A curious data: in 2021, the top five vendors added up to SEVENTY FIVE (75) percent total certifications, but this year they only reach a total of 31 percent certifications. This means that this year, the protagonism has been spread over more diverse vendors.
  18. Another interesting statistic that we collected is: the product categories with more certifications. Just one note: we work with data categories defined in the commoncriteriaportal.org website, and those are listed in this pie chart. The top category in 2022 is the Integrated circuits, and smart cards. This is consistent with the third most used protection profile that we saw earlier. In the second place we can find Multi-Function Devices which agrees with the Protection Profile for Hardcopy Devices, the most used one this year. We need to say that vendors of multi-function devices don’t appear in the top vendor statistics. The reason is simple: there are many vendors of this type of device certifying few products each, such as Konica Minolta, Kyocera, HP, Fujifilm, Toshiba, Ricoh, Canon… In the same way, network and network related devices category, has also good relative numbers, with twelve percent, many of them using the Network Devices cPP. Data-protection, operating systems and boundary protection devices were also very frequent.
  19. If you remember, we spoke before about highest assurance levels, which are not so common but there is a significant number this year. Of course, it is interesting to learn which vendors certified those products, and which product categories. As we said before, no EAL 7 certifications have been carried out, so we will show EAL 6 with 20 certifications. Infineon is the leader with 6 certifications, in the second place we find Samsung with 5, FOLLOWED BY NXP with 4. In 2021 the podium was the same but Samsung was the first, NXP second and Infineon third. STM is in the fourth place with two certifications and Thales, Huawei, CEC HUADA and Giesecke are tied with one. All of them are certified as ICs, Smart Cards and Smart Card-Related Devices and Systems, using the regular PP augmented to EAL6. Congratulations!
  20. As collectors of CC certification data, this statistic is specially INTERESTING to us. Since the first executions of the scraper, we noticed that not all the certified products are uploaded to commoncriteriaportal, some of them are published just in its National CB website. 39 were collected only from the CB websites… This chart shows that, from 196 (one hundred and ninety six) products certified in 2022, one hundred and fifty-seven of them are published in Common Criteria Portal. But thirty nine products are published only to the website of the certification body. This means an EIGHTY percent (80%) of total certified products are uploaded to commoncriteria portal. It is a great number, but… it’s not 100%. We encourage CBs to keep the good work and upload their certifications to the CC Portal.
  21. After presenting the statistics from 2022, now we will show some interesting statistics and numbers for the last five years. This will help us to verify if 2022 has presented deviations in the CC industry in relation with the previous years.
  22. If we look at the number of certifications per year, we can see a stable trend with great number of certifications in the previous four years. 2021 ended with more certifications than 2018 and 2019, but with less than 2020. However, in the first 9 months of 2022, there are one hundred and forty eight less certifications than in 2021. We may see some increase at the end of the year, but it will be unlikely to catch up with or exceed the previous year's numbers. These numbers are not promising and it may end up being the worst year in the last five. However, we said the same thing in October last year and it ended up being a great year, so let’s see how it ends…
  23. Regarding compliance of certified products, during the last five years, thirty five percent of the certifications WERE PP-COMPLIANT. This is the greatest percentage of all, and it goes in the same line as the data for 2021. After that, (I ei el) EAL5 was the most used assurance level, with more than 20 percent closely followed by EAL4, so we can confirm that the industry is demanding high assurance evaluations. In low assurance, EAL2 has been the most frequent. Another interesting data: in the last five years, EAL6 certifications have surpassed the number of EAL1 and EAL3 certifications together, and have almost tied with EAL2.
  24. If we analyze the relative number of certifications per scheme in the last five years we see some interesting information. In the 5 years statistic, we can find that France and US are the top producers of certifications. They have more than 20% each. The third, fourth and fifth positions are more contested and have changed in the last couple of years. Netherlands has consistently settled in the fourth place with 14% of the certifications, Japan (with 12%) has overtaken Germany and is in the fourth place (with 10%). Sweden is in the sixth place and Spain, Canada and Korea tie with 3%. Italy completes the top 10, but Singapore is pushing. Australia and India don’t appear in this graph, but they have 7 and 6 certifications respectively.
  25. This chart shows the evolution of the top-five laboratories since 2018 (two thousand and eighteen). Brightsight is the leader and it has been increasing its numbers year after year, although this year was not so good for them as the previous two years. CEA-LETI is in the second place, and the accumulated numbers for 5 years are close to Brightsight’s. TUV is in the third place and SERMA and GOSSAMER are following the podium, not so far. As we can see, the number of certifications this year is considerably lower in all the labs, and we don’t see labs where the numbers haven’t been impacted. If we look at the evolution, in 5 years, the common trend is clear: the number of certifications decreased in 2021 (with some exceptions) and has decreased even more in 2022…. Following the decaying trend for this year.
  26. Another interesting statistic is the evolution of the top-5 categories of certified products. It seems that the certifications of ICS, smartcards and similar devices (in red) DECAYED last year and have decayed even more this year. And it is still the category with the highest number of certifications. Multi-function devices category is in the second place and Network Devices and Systems are in the third place, far from the second. Products for Digital Signatures seems to achieve similar figures this year. Mobility appears in the top 5 the last five years. Boundary and Data protection are dropping since 2020.
  27. So… you may wonder…. Which conclusions may we draw from all of these statistics for the current year?
  28. The most important highlight for this year’s statistic is the really low global number of certifications. The numbers that we have seen in the CC certification industry this year are not promising at all. At the end of September of 2021 there were 286 (TWO HUNDRED AND EIGHTY SIX) certified products, versus 196 (one hundred and ninety six) in this year. This means 90 less products in September. And, if we look at the end-of-year horizon, 2021 ended with 335 (three hundred and thirty five) certifications. We don’t really believe that the numbers at the end of this year will come even close to last year’s numbers. The reason is that it would require 148 more certifications before the end of the year. If we look individually at each country, US had a big drop in certifications, something that we had not seen in statistics of previous years. We can say that it’s the country most affected by the global drop, and there is no doubt that it has affected the statistics globally. Regarding laboratories, the top #1 laboratory didn’t change but the rest of the top five presented various changes. This year, the French laboratories are back with a lot of presence in the ranking. As per products, Smartcards and hardcopy and multifunction devices were the most certified categories. Smartcards are one more year on the top. This was reflected in the top 5 of vendors: almost all of them were smart card manufacturers, with several high assurance certifications, including many EAL6.
  29. After summarizing the numbers, we definitely need to wonder why the global numbers of the CC industry have dropped so low. Again, this is one of the biggest drops that we have seen since we started collecting statistics. We have analyzed the situation and we can share some ideas with you. We believe there are some main factors affecting the CC certification industry: ONE is the rise of other certifications that respond to market needs. We can mention, as an example, the lightweight certifications that are conducted in national schemes. Examples: LINCE, CSPN, BSPZ, or BSPA. For sure, lightweight certifications don’t work for every possible scenario, such as high assurance required by smartcards. But, for other types of products they are enough, they are cheaper, and they are faster. We could also mention the upcoming EUCC certification: the European Common Criteria. Our hypothesis is that some vendors could be waiting for this standard to jump into the market, and they don’t want to spend resources on costly CC certifications, until then. We need to wait and see if, when EUCC becomes a reality, the numbers of CC keep being impacted. Of course, we can’t skip mentioning the necessity for cloud certifications. There is an awkward reality in this industry: there is zero support for cloud-based TOEs. Some work is being done to solve this but, as per today, there is no possibility of CC certifications for cloud based products. And, coincidentally, the number of cloud products released is higher with each passing year. The market evolves to a cloud-based paradigm, and CC should evolve as well. And, how not? The shadow of the COVID pandemic still hovers over the CC industry. In 2020 and 2021 we saw significant impact but, at the end of these years, the numbers somehow rose and ended up well. We had discussed the impact of the pandemic in the industry in previous years but… in 2022 we thought the situation was already coming to an end and that the industry wouldn’t be so affected. Well, we have also analyzed the situation and there could be some factors here: Some developments were started before the pandemic, and they were certified in 2021 or 2022. This is, maybe, why the numbers of the last two years were not so impacted. But, those product developments that were started during the pandemic, many of them were stopped or discontinued, and they were never finished or certified. We think this is reflected in this year’s numbers. This is our humble view of the situation. Whether you agree or not, we are happy to hear your opinions and discuss with you. But, the incontestable reality is shown by the numbers, and 2022 is being, and will be, a year with not so good numbers.
  30. Thank you very much for your attention. If you want to ask any question, please feel free. If you think of any other interesting statistic to generate, or if you think some numbers are not accurate, please contact us and we will take your feedback into account to improve. THANK YOU.