SlideShare a Scribd company logo
1 of 35
Download to read offline
❑ CC data collection with CCScraper
❑ CC statistics for 2021
❑ CC Statistics for 5 years
❑ Some historical CC statistics
❑ Conclusions
Contents
❑ José Manuel Pulido:
❑ Lead Cybersecurity Consultant and Senior
Cybersecurity Evaluator at jtsec
❑ Common Criteria expert
❑ CCToolbox developer
❑ More than 10 years of experience in cybersecurity
technologies
❑ Speaker at several conferences including ICCC20
About me
❑ Cybersecurity evaluation & consultancy services
❑ Common Criteria and LINCE accredited lab.
❑ Developers of the most powerful tool for
Common Criteria, CCToolbox.
❑ Involved in standardization activities (ISO,
CEN/CENELEC, ISCI WGs, ENISA CSA WGs, CCUF,
CMUF, ERNCIP, …)
❑ Members of the SCCG (Stakeholder Cybersecurity
Certification Group)
About us
❑ Web scraper written in Python. Created in 2018 by jtsec.
❑ CCScraper collects data about certified products from commoncriteriaportal.org
and from the websites of the Certification Body.
❑ Tons of interesting data collected: date of certification, EAL, PP, Product
Category, certification lab, etc. and even SFRs used or technical terms in the ST!
❑ Data is interpreted and organized / merged into a list of unique certified
products. We generate the statistics from that data.
What is CCScraper
❑ CCScraper v1.0 was first presented here in the ICCC in 2018.
❑ Only data from commoncriteriaportal.org was collected.
❑ CCScraper v2.0 was presented in ICCC 2019.
❑ Main feature: add information from CB websites and merge into unique products
❑ CCScraper v2.1 was presented in ICCC 2020, with mainly efficiency improvements and email alerts.
❑ This year we present CCScraper v2.2 with some upgrades for ICCC 2021.
❑ Find changes in CB sites in a quicker and more reliable way.
❑ Improved logic to avoid false duplicates.
❑ Some bugs fixed ☺
CCScraper history
❑ Modification of the name of some labs.
❑ We could include SERTIT (the Norwegian Certification Scheme) after
almost two years of website maintenance.
❑ We have had to change the way we constructed the OCSI (Italy) URLs
(so we had no access)
Latest challenges for CCScraper
❑ With the statistics generated, we publish CC statistics reports in jtsec
webpage, at least once per year.
CCscraper reports
❑ https://www.jtsec.es/blog-entry/44/common-criteria-
statistics-report-for-2019
❑ https://www.jtsec.es/blog-entry/85/common-criteria-
statistics-report-for-2020
Statistics – 2021 (9 months)
❑ 286 products certified during 2021 (data from 30/09/2021)
103
89
94
80 85 90 95 100 105
2021 Q3
2021 Q2
2021 Q1
❑ Top certifier schemes in 2021
Statistics – 2021 (9 months)
73
41 41
28
23
18 17
10
8 7 6 5 4
2
0
10
20
30
40
50
60
70
80
US NL DE FR JP CA SE ES MY IT TR AU KR IN
Statistics – 2021 (9 months)
❑ The top 3 schemes add up to 55% of the certifications!
US
26%
NL
15%
DE
14%
FR
10%
JP
8%
CA
6%
SE
6%
ES
4%
MY
3%
IT
2%
TR
2%
AU
2%
KR
1%
IN
1%
❑ Certified products compliance in 2021
Statistics – 2021 (9 months)
EAL1
0,70%
EAL2
17,89%
EAL3
6,32%
EAL4
13,68%
EAL5
11,58% EAL6
7,72%
EAL7
0,35%
PP
41,75%
18
6
12
7
8
42
21
8
12
14
5
27
1
12
4
15
12
9
50
0 20 40 60 80 100 120
EAL1
EAL2
EAL3
EAL4
EAL5
EAL6
EAL7
PP
2021 Q1 2021 Q2 2021 Q3
1
1
1
❑ Product assurance level per country during 2021
Statistics – 2021 (9 months)
0
10
20
30
40
50
60
70
80
EAL1 EAL2 EAL3 EAL4 EAL5 EAL6 EAL7 PP
JP
US
DE
FR
Others
NL
❑ Top 10 Laboratories (2021)
Statistics – 2021 (9 months)
Statistics – 2021 (9 months)
❑ Protection Profile certifications
13,67% 11,67% 17,00% 6,33%
0,00%
2,00%
4,00%
6,00%
8,00%
10,00%
12,00%
14,00%
16,00%
18,00%
Security IC
Platform
Protection
Profile
Protection
Profile for
Hardcopy
Devices
Protection
Profile for
Network
Devices
Machine
Readable
Travel
Document
Certifications
with PP
74%
Certifications without PP
26%
Certifications with Protection Profiles in 2021
Statistics – 2021 (9 months)
❑ PP and cPP compliant certifications in 2021
Network Devices
73%
Stateful Traffic Filter
Firewalls
16%
Full Drive Encryption
3%
Network Devices +
Stateful Traffic Filter
Firewalls
8%
Certifications using CPPs in 2021
Collaborative PPs
27%
Non-Collaborative
PPs
73%
Collaborative PPs vs Non-Collaborative
PPs
❑ Top 5 manufacturers of certified products (2021)
Statistics – 2021 (9 months)
=
+4
+4
-1
-4
❑ Top product categories (2021) and their evolution
Statistics – 2021 (9 months)
ICs, Smart Cards
and Smart Card-
Related Devices
and Systems; 29%
Other Devices
and Systems; 24%
Network and
Network-Related
Devices and
Systems; 13%
Multi-Function
Devices; 10%
Data Protection;
4%
Boundary
Protection
Devices and
Systems; 4%
Operating
Systems; 4%
Others; 12%
1
6
8
8
0 1 2 3 4 5 6 7 8 9
Arbit Cyber Defence Systems ApS
Infineon Technologies AG
NXP Semiconductors Germany GmbH
Samsung Electronics Co., Ltd.
❑ Manufacturers and categories that obtained EAL6 & EAL7
Statistics – Higher EAL manufacturers
Only one with EAL 7
1
2
20
0 5 10 15 20 25
Boundary Protection Devices and Systems
Java Card Protection Profile Open
Configuration
ICs, Smart Cards and Smart Card-Related
Devices and Systems
❑ Products uploaded to CC Portal vs products only in CB websites
Statistics – 2021 (9 months)
93%
7%
❑ Number of certifications in the last 5 years
❑ Will 2021 be the worst year of the last five?
Statistics – 5 years trend
❑ Compliance with EAL or PP of certified products (5 year)
Statistics – 5 years trend
EAL1
1,62%
EAL2
17,75%
EAL3
4,85%
EAL4
16,35%
EAL5
18,30%
EAL6
5,64%
EAL7
0,17%
PP
35,32%
❑ Certifications per country scheme in the last 5 years
Statistics – 5 year trend
FR
19%
US
23%
DE
13%
CA
6%
JP
8%
ES
4%
NL
7%
SE
5%
NO
2%
KR
2%
MY
3%
TR
2%
IT
2%
AU
1%
❑ Evolution of top 6 laboratories
Statistics – 5 year trend
0 20 40 60 80 100 120 140 160
CEA - LETI (FR)
TÜV (DE/JP)
SERMA (FR)
GOSSAMER (US)
Acumen (US)
BRIGHTSIGHT (*)
2017 2018 2019 2020 2021
❑ Evolution of top product categories (five years)
Statistics – 5 year trend
129
119
91
147
73
19
4
11
8 10
53
38
47
44 42
59
52
55
76
60
0
20
40
60
80
100
120
140
160
2017 2018 2019 2020 2021
ICs, Smart Cards and Smart Card-Related Devices and Systems Mobility
Multi-Function Devices Network and Network-Related Devices and Systems
❑ Number of certifications per country, historical (archived included)
Statistics – Historical Trends
16
66
67
98
99
104
117
122
132
149
239
439
544
857
898
1340
0 200 400 600 800 1000 1200 1400 1600
IN
IT
TR
NO
MY
AU
UK
SE
KR
ES
NL
CA
JP
DE
FR
US
❑ Technological terms found in Security Targets
Statistics – Historical Trends
Global numbers in the end of the Pandemics era
❑ 2021 shows overall a small number of
certifications, below the previous five years.
❑ The top certifying schemes show numbers very
similar to the ones in 2020 by this date, some
schemes are a bit up and some a bit down.
❑ Most of the top certification laboratories don’t
show big variations in their numbers with
respect to 2021.
❑ Exception: SERMA (3) as lab and ST
Microelectronics as vendor (1) in 2021.
Global numbers in the end of the Pandemics era
❑ Global numbers, they are very similar to 2020 by
30th September: 286 vs 284.
❑ In last year’s ICCC we were very pessimistic, but it
went really up during the Q4, and the year ended
with more than 390 certifications.
❑ We expected bigger impacts in certifications
started in 2020 and to be ended in 2021.
❑ Here we are and the numbers lead to pessimism
again… will we be wrong again?
jtsec Beyond IT Security
Granada & Madrid – Spain
hello@jtsec.es
@jtsecES
www.jtsec.es
Contact
“Any fool can make something complicated. It takes a
genius to make it simple.”
Woody Guthrie

More Related Content

What's hot

Mobile Convention Amsterdam 2015 - Polteq - Marc van t Veer/ Ruud Teunissen
Mobile Convention Amsterdam 2015 - Polteq - Marc van t Veer/ Ruud Teunissen Mobile Convention Amsterdam 2015 - Polteq - Marc van t Veer/ Ruud Teunissen
Mobile Convention Amsterdam 2015 - Polteq - Marc van t Veer/ Ruud Teunissen Mobile Convention Amsterdam 2015
 
Take your code and quality to the next level by Serena Software
Take your code and quality to the next level by Serena SoftwareTake your code and quality to the next level by Serena Software
Take your code and quality to the next level by Serena SoftwareSerena Software
 
Dimensions CM Summer VUG Presentation
Dimensions CM Summer VUG PresentationDimensions CM Summer VUG Presentation
Dimensions CM Summer VUG PresentationSerena Software
 
Software supply chain management: Gaining velocity without losing control
Software supply chain management: Gaining velocity without losing controlSoftware supply chain management: Gaining velocity without losing control
Software supply chain management: Gaining velocity without losing controlmatthewabq
 
Automated Testing Services
Automated Testing ServicesAutomated Testing Services
Automated Testing ServicesScienceSoft
 
Continuous Testing with Service Virtualization
Continuous Testing with Service VirtualizationContinuous Testing with Service Virtualization
Continuous Testing with Service VirtualizationSmartBear
 
Automated requirements based testing for ISO 26262
Automated requirements based testing for ISO 26262 Automated requirements based testing for ISO 26262
Automated requirements based testing for ISO 26262 QA Systems
 
Deploy Fast Without Breaking Things Webinar Presentation June 25
Deploy Fast Without Breaking Things Webinar Presentation June 25Deploy Fast Without Breaking Things Webinar Presentation June 25
Deploy Fast Without Breaking Things Webinar Presentation June 25Serena Software
 
Deploy + Destroy Complete Test Environments
Deploy + Destroy Complete Test EnvironmentsDeploy + Destroy Complete Test Environments
Deploy + Destroy Complete Test EnvironmentsParasoft
 
ATAGTR2017 An Innovative Take on Versa Test
ATAGTR2017 An Innovative Take on Versa TestATAGTR2017 An Innovative Take on Versa Test
ATAGTR2017 An Innovative Take on Versa TestAgile Testing Alliance
 
9 Characteristics of Agile Methodologies to Turbo-charge Your Testing by Rex ...
9 Characteristics of Agile Methodologies to Turbo-charge Your Testing by Rex ...9 Characteristics of Agile Methodologies to Turbo-charge Your Testing by Rex ...
9 Characteristics of Agile Methodologies to Turbo-charge Your Testing by Rex ...TEST Huddle
 
Evolving from Automated to Continous Testing for Agile and DevOps
Evolving from Automated to Continous Testing for Agile and DevOpsEvolving from Automated to Continous Testing for Agile and DevOps
Evolving from Automated to Continous Testing for Agile and DevOpsParasoft
 
DevOps Kata Modern Debugging
DevOps Kata Modern DebuggingDevOps Kata Modern Debugging
DevOps Kata Modern DebuggingJames Tramel
 
Mobile Test Automation with Big Data Analytics
Mobile Test Automation with Big Data AnalyticsMobile Test Automation with Big Data Analytics
Mobile Test Automation with Big Data AnalyticsTechWell
 
An Essential Guide to Effective Test Automation Leveraging Open Source
An Essential Guide to Effective Test Automation Leveraging Open SourceAn Essential Guide to Effective Test Automation Leveraging Open Source
An Essential Guide to Effective Test Automation Leveraging Open SourceRapidValue
 
Webinar: How to get localization and testing for medical devices done right
Webinar: How to get localization and testing for medical devices done right Webinar: How to get localization and testing for medical devices done right
Webinar: How to get localization and testing for medical devices done right Qualitest
 

What's hot (20)

Mobile Convention Amsterdam 2015 - Polteq - Marc van t Veer/ Ruud Teunissen
Mobile Convention Amsterdam 2015 - Polteq - Marc van t Veer/ Ruud Teunissen Mobile Convention Amsterdam 2015 - Polteq - Marc van t Veer/ Ruud Teunissen
Mobile Convention Amsterdam 2015 - Polteq - Marc van t Veer/ Ruud Teunissen
 
Mobile trends v3.0
Mobile trends v3.0Mobile trends v3.0
Mobile trends v3.0
 
Take your code and quality to the next level by Serena Software
Take your code and quality to the next level by Serena SoftwareTake your code and quality to the next level by Serena Software
Take your code and quality to the next level by Serena Software
 
Dimensions CM Summer VUG Presentation
Dimensions CM Summer VUG PresentationDimensions CM Summer VUG Presentation
Dimensions CM Summer VUG Presentation
 
Software supply chain management: Gaining velocity without losing control
Software supply chain management: Gaining velocity without losing controlSoftware supply chain management: Gaining velocity without losing control
Software supply chain management: Gaining velocity without losing control
 
Automated Testing Services
Automated Testing ServicesAutomated Testing Services
Automated Testing Services
 
Continuous Testing with Service Virtualization
Continuous Testing with Service VirtualizationContinuous Testing with Service Virtualization
Continuous Testing with Service Virtualization
 
Automated requirements based testing for ISO 26262
Automated requirements based testing for ISO 26262 Automated requirements based testing for ISO 26262
Automated requirements based testing for ISO 26262
 
Deploy Fast Without Breaking Things Webinar Presentation June 25
Deploy Fast Without Breaking Things Webinar Presentation June 25Deploy Fast Without Breaking Things Webinar Presentation June 25
Deploy Fast Without Breaking Things Webinar Presentation June 25
 
ATAGTR2017 Blockchain Based Testing
ATAGTR2017 Blockchain Based TestingATAGTR2017 Blockchain Based Testing
ATAGTR2017 Blockchain Based Testing
 
Deploy + Destroy Complete Test Environments
Deploy + Destroy Complete Test EnvironmentsDeploy + Destroy Complete Test Environments
Deploy + Destroy Complete Test Environments
 
ATAGTR2017 An Innovative Take on Versa Test
ATAGTR2017 An Innovative Take on Versa TestATAGTR2017 An Innovative Take on Versa Test
ATAGTR2017 An Innovative Take on Versa Test
 
9 Characteristics of Agile Methodologies to Turbo-charge Your Testing by Rex ...
9 Characteristics of Agile Methodologies to Turbo-charge Your Testing by Rex ...9 Characteristics of Agile Methodologies to Turbo-charge Your Testing by Rex ...
9 Characteristics of Agile Methodologies to Turbo-charge Your Testing by Rex ...
 
Evolving from Automated to Continous Testing for Agile and DevOps
Evolving from Automated to Continous Testing for Agile and DevOpsEvolving from Automated to Continous Testing for Agile and DevOps
Evolving from Automated to Continous Testing for Agile and DevOps
 
DevOps Kata Modern Debugging
DevOps Kata Modern DebuggingDevOps Kata Modern Debugging
DevOps Kata Modern Debugging
 
Mobile Test Automation with Big Data Analytics
Mobile Test Automation with Big Data AnalyticsMobile Test Automation with Big Data Analytics
Mobile Test Automation with Big Data Analytics
 
An Essential Guide to Effective Test Automation Leveraging Open Source
An Essential Guide to Effective Test Automation Leveraging Open SourceAn Essential Guide to Effective Test Automation Leveraging Open Source
An Essential Guide to Effective Test Automation Leveraging Open Source
 
Case study on functional testing
Case study on functional testingCase study on functional testing
Case study on functional testing
 
Webinar: How to get localization and testing for medical devices done right
Webinar: How to get localization and testing for medical devices done right Webinar: How to get localization and testing for medical devices done right
Webinar: How to get localization and testing for medical devices done right
 
ESS Software and Firmware
ESS Software and FirmwareESS Software and Firmware
ESS Software and Firmware
 

Similar to ICCC21 2021 statistics report

2022 CC Statistics report: will this year beat last year's record number of c...
2022 CC Statistics report: will this year beat last year's record number of c...2022 CC Statistics report: will this year beat last year's record number of c...
2022 CC Statistics report: will this year beat last year's record number of c...Javier Tallón
 
ICCC2023 Statistics Report, has Common Criteria reached its peak?
ICCC2023 Statistics Report, has Common Criteria reached its peak?ICCC2023 Statistics Report, has Common Criteria reached its peak?
ICCC2023 Statistics Report, has Common Criteria reached its peak?Javier Tallón
 
2020 Statistics Report. Is the industry surviving to lockdown?
2020 Statistics Report. Is the industry surviving to lockdown?2020 Statistics Report. Is the industry surviving to lockdown?
2020 Statistics Report. Is the industry surviving to lockdown?Javier Tallón
 
CCCAB tool - Making CABs life easy - Chapter 2
CCCAB tool - Making CABs life easy - Chapter 2CCCAB tool - Making CABs life easy - Chapter 2
CCCAB tool - Making CABs life easy - Chapter 2Javier Tallón
 
Assocham global conference audit data standards - 28.10.2020
Assocham global conference   audit data standards - 28.10.2020Assocham global conference   audit data standards - 28.10.2020
Assocham global conference audit data standards - 28.10.2020Vinod Kashyap
 
OpenSIPS Summit, Open Source Telecom Software Survey 2022
OpenSIPS Summit, Open Source Telecom Software Survey 2022OpenSIPS Summit, Open Source Telecom Software Survey 2022
OpenSIPS Summit, Open Source Telecom Software Survey 2022Alan Quayle
 
Meeting Today’s IT Support Challenges with CompTIA A+
Meeting Today’s IT Support Challenges with CompTIA A+Meeting Today’s IT Support Challenges with CompTIA A+
Meeting Today’s IT Support Challenges with CompTIA A+CompTIA
 
CyberScope - 2015 Market Review
CyberScope - 2015 Market ReviewCyberScope - 2015 Market Review
CyberScope - 2015 Market Reviewresultsig
 
Cisco Analytics: Accelerate Network Optimization with Virtualization
Cisco Analytics: Accelerate Network Optimization with VirtualizationCisco Analytics: Accelerate Network Optimization with Virtualization
Cisco Analytics: Accelerate Network Optimization with VirtualizationCisco Canada
 
Comptia networkplus-recert-rc0-n06-objectives
Comptia networkplus-recert-rc0-n06-objectivesComptia networkplus-recert-rc0-n06-objectives
Comptia networkplus-recert-rc0-n06-objectivesMajid Ali
 
The State of Open Source for Software Alliance Germany 2023-04-14
The State of Open Source for Software Alliance Germany 2023-04-14The State of Open Source for Software Alliance Germany 2023-04-14
The State of Open Source for Software Alliance Germany 2023-04-14Shane Coughlan
 
Internet of Things: Connected Devices Enabling Energy Management
Internet of Things: Connected Devices Enabling Energy ManagementInternet of Things: Connected Devices Enabling Energy Management
Internet of Things: Connected Devices Enabling Energy ManagementEnercare Inc.
 
Enhancing Network Performance with NOC Monitoring at HEX64.docx
Enhancing Network Performance with NOC Monitoring at HEX64.docxEnhancing Network Performance with NOC Monitoring at HEX64.docx
Enhancing Network Performance with NOC Monitoring at HEX64.docxHEX64
 
2021_Dec_Subex Network Analytics.pdf
2021_Dec_Subex Network Analytics.pdf2021_Dec_Subex Network Analytics.pdf
2021_Dec_Subex Network Analytics.pdfNourElHouda154307
 
Steps to Scale Internet of Things (IoT)
Steps to Scale Internet of Things (IoT)Steps to Scale Internet of Things (IoT)
Steps to Scale Internet of Things (IoT)Rafael Maranon
 
Ascom workshop qoe qos-newparadigm_4g
Ascom workshop qoe qos-newparadigm_4gAscom workshop qoe qos-newparadigm_4g
Ascom workshop qoe qos-newparadigm_4gAdrian Hall
 
ScaleFocus DACH Expertise
ScaleFocus DACH ExpertiseScaleFocus DACH Expertise
ScaleFocus DACH ExpertiseScaleFocus
 

Similar to ICCC21 2021 statistics report (20)

2022 CC Statistics report: will this year beat last year's record number of c...
2022 CC Statistics report: will this year beat last year's record number of c...2022 CC Statistics report: will this year beat last year's record number of c...
2022 CC Statistics report: will this year beat last year's record number of c...
 
ICCC2023 Statistics Report, has Common Criteria reached its peak?
ICCC2023 Statistics Report, has Common Criteria reached its peak?ICCC2023 Statistics Report, has Common Criteria reached its peak?
ICCC2023 Statistics Report, has Common Criteria reached its peak?
 
INGENIUS_XIMB_Iron and Steel
INGENIUS_XIMB_Iron and SteelINGENIUS_XIMB_Iron and Steel
INGENIUS_XIMB_Iron and Steel
 
2020 Statistics Report. Is the industry surviving to lockdown?
2020 Statistics Report. Is the industry surviving to lockdown?2020 Statistics Report. Is the industry surviving to lockdown?
2020 Statistics Report. Is the industry surviving to lockdown?
 
CCCAB tool - Making CABs life easy - Chapter 2
CCCAB tool - Making CABs life easy - Chapter 2CCCAB tool - Making CABs life easy - Chapter 2
CCCAB tool - Making CABs life easy - Chapter 2
 
Assocham global conference audit data standards - 28.10.2020
Assocham global conference   audit data standards - 28.10.2020Assocham global conference   audit data standards - 28.10.2020
Assocham global conference audit data standards - 28.10.2020
 
OpenSIPS Summit, Open Source Telecom Software Survey 2022
OpenSIPS Summit, Open Source Telecom Software Survey 2022OpenSIPS Summit, Open Source Telecom Software Survey 2022
OpenSIPS Summit, Open Source Telecom Software Survey 2022
 
Juan-Camacho-1.pdf
Juan-Camacho-1.pdfJuan-Camacho-1.pdf
Juan-Camacho-1.pdf
 
Meeting Today’s IT Support Challenges with CompTIA A+
Meeting Today’s IT Support Challenges with CompTIA A+Meeting Today’s IT Support Challenges with CompTIA A+
Meeting Today’s IT Support Challenges with CompTIA A+
 
CyberScope - 2015 Market Review
CyberScope - 2015 Market ReviewCyberScope - 2015 Market Review
CyberScope - 2015 Market Review
 
Cisco Analytics: Accelerate Network Optimization with Virtualization
Cisco Analytics: Accelerate Network Optimization with VirtualizationCisco Analytics: Accelerate Network Optimization with Virtualization
Cisco Analytics: Accelerate Network Optimization with Virtualization
 
Comptia networkplus-recert-rc0-n06-objectives
Comptia networkplus-recert-rc0-n06-objectivesComptia networkplus-recert-rc0-n06-objectives
Comptia networkplus-recert-rc0-n06-objectives
 
The State of Open Source for Software Alliance Germany 2023-04-14
The State of Open Source for Software Alliance Germany 2023-04-14The State of Open Source for Software Alliance Germany 2023-04-14
The State of Open Source for Software Alliance Germany 2023-04-14
 
Internet of Things: Connected Devices Enabling Energy Management
Internet of Things: Connected Devices Enabling Energy ManagementInternet of Things: Connected Devices Enabling Energy Management
Internet of Things: Connected Devices Enabling Energy Management
 
Enhancing Network Performance with NOC Monitoring at HEX64.docx
Enhancing Network Performance with NOC Monitoring at HEX64.docxEnhancing Network Performance with NOC Monitoring at HEX64.docx
Enhancing Network Performance with NOC Monitoring at HEX64.docx
 
2021_Dec_Subex Network Analytics.pdf
2021_Dec_Subex Network Analytics.pdf2021_Dec_Subex Network Analytics.pdf
2021_Dec_Subex Network Analytics.pdf
 
Steps to Scale Internet of Things (IoT)
Steps to Scale Internet of Things (IoT)Steps to Scale Internet of Things (IoT)
Steps to Scale Internet of Things (IoT)
 
Ascom workshop qoe qos-newparadigm_4g
Ascom workshop qoe qos-newparadigm_4gAscom workshop qoe qos-newparadigm_4g
Ascom workshop qoe qos-newparadigm_4g
 
EENA 2018 - Update on EENA Activities
EENA 2018 - Update on EENA Activities  EENA 2018 - Update on EENA Activities
EENA 2018 - Update on EENA Activities
 
ScaleFocus DACH Expertise
ScaleFocus DACH ExpertiseScaleFocus DACH Expertise
ScaleFocus DACH Expertise
 

More from Javier Tallón

Evolucionando la evaluación criptográfica - Episodio II
Evolucionando la evaluación criptográfica - Episodio IIEvolucionando la evaluación criptográfica - Episodio II
Evolucionando la evaluación criptográfica - Episodio IIJavier Tallón
 
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...Javier Tallón
 
ICCC23 -The new cryptographic evaluation methodology created by CCN
ICCC23 -The new cryptographic evaluation methodology created by CCNICCC23 -The new cryptographic evaluation methodology created by CCN
ICCC23 -The new cryptographic evaluation methodology created by CCNJavier Tallón
 
Experiences evaluating cloud services and products
Experiences evaluating cloud services and productsExperiences evaluating cloud services and products
Experiences evaluating cloud services and productsJavier Tallón
 
TAICS - Cybersecurity Certification for European Market.pptx
TAICS - Cybersecurity Certification for European Market.pptxTAICS - Cybersecurity Certification for European Market.pptx
TAICS - Cybersecurity Certification for European Market.pptxJavier Tallón
 
La ventaja de implementar una solución de ciberseguridad certificada por el C...
La ventaja de implementar una solución de ciberseguridad certificada por el C...La ventaja de implementar una solución de ciberseguridad certificada por el C...
La ventaja de implementar una solución de ciberseguridad certificada por el C...Javier Tallón
 
EUCA23 - Evolution of cryptographic evaluation in Europe.pdf
EUCA23 - Evolution of cryptographic evaluation in Europe.pdfEUCA23 - Evolution of cryptographic evaluation in Europe.pdf
EUCA23 - Evolution of cryptographic evaluation in Europe.pdfJavier Tallón
 
Evolucionado la evaluación Criptográfica
Evolucionado la evaluación CriptográficaEvolucionado la evaluación Criptográfica
Evolucionado la evaluación CriptográficaJavier Tallón
 
España y CCN como referentes en la evaluación de ciberseguridad de soluciones...
España y CCN como referentes en la evaluación de ciberseguridad de soluciones...España y CCN como referentes en la evaluación de ciberseguridad de soluciones...
España y CCN como referentes en la evaluación de ciberseguridad de soluciones...Javier Tallón
 
EUCA 22 - Let's harmonize labs competence ISO 19896
EUCA 22 - Let's harmonize labs competence ISO 19896EUCA 22 - Let's harmonize labs competence ISO 19896
EUCA 22 - Let's harmonize labs competence ISO 19896Javier Tallón
 
EUCA22 Panel Discussion: Differences between lightweight certification schemes
EUCA22 Panel Discussion: Differences between lightweight certification schemesEUCA22 Panel Discussion: Differences between lightweight certification schemes
EUCA22 Panel Discussion: Differences between lightweight certification schemesJavier Tallón
 
EUCA22 - Patch Management ISO_IEC 15408 & 18045
EUCA22 - Patch Management ISO_IEC 15408 & 18045EUCA22 - Patch Management ISO_IEC 15408 & 18045
EUCA22 - Patch Management ISO_IEC 15408 & 18045Javier Tallón
 
Cross standard and scheme composition - A needed cornerstone for the European...
Cross standard and scheme composition - A needed cornerstone for the European...Cross standard and scheme composition - A needed cornerstone for the European...
Cross standard and scheme composition - A needed cornerstone for the European...Javier Tallón
 
¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?
¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?
¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?Javier Tallón
 
Is Automation Necessary for the CC Survival?
Is Automation Necessary for the CC Survival?Is Automation Necessary for the CC Survival?
Is Automation Necessary for the CC Survival?Javier Tallón
 
CCCAB, la apuesta europea por la automatización de los Organismos de Certific...
CCCAB, la apuesta europea por la automatización de los Organismos de Certific...CCCAB, la apuesta europea por la automatización de los Organismos de Certific...
CCCAB, la apuesta europea por la automatización de los Organismos de Certific...Javier Tallón
 
Automating Common Criteria
Automating Common Criteria Automating Common Criteria
Automating Common Criteria Javier Tallón
 
jtsec Arqus Alliance presentation
jtsec Arqus Alliance presentationjtsec Arqus Alliance presentation
jtsec Arqus Alliance presentationJavier Tallón
 
III Encuentro del ENS- Usando el CPSTIC/ENECSTI en la administración - Herram...
III Encuentro del ENS- Usando el CPSTIC/ENECSTI en la administración - Herram...III Encuentro del ENS- Usando el CPSTIC/ENECSTI en la administración - Herram...
III Encuentro del ENS- Usando el CPSTIC/ENECSTI en la administración - Herram...Javier Tallón
 

More from Javier Tallón (20)

Evolucionando la evaluación criptográfica - Episodio II
Evolucionando la evaluación criptográfica - Episodio IIEvolucionando la evaluación criptográfica - Episodio II
Evolucionando la evaluación criptográfica - Episodio II
 
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...
Cómo evaluar soluciones biométricas para incluir productos de videoidentifica...
 
ICCC23 -The new cryptographic evaluation methodology created by CCN
ICCC23 -The new cryptographic evaluation methodology created by CCNICCC23 -The new cryptographic evaluation methodology created by CCN
ICCC23 -The new cryptographic evaluation methodology created by CCN
 
Experiences evaluating cloud services and products
Experiences evaluating cloud services and productsExperiences evaluating cloud services and products
Experiences evaluating cloud services and products
 
TAICS - Cybersecurity Certification for European Market.pptx
TAICS - Cybersecurity Certification for European Market.pptxTAICS - Cybersecurity Certification for European Market.pptx
TAICS - Cybersecurity Certification for European Market.pptx
 
La ventaja de implementar una solución de ciberseguridad certificada por el C...
La ventaja de implementar una solución de ciberseguridad certificada por el C...La ventaja de implementar una solución de ciberseguridad certificada por el C...
La ventaja de implementar una solución de ciberseguridad certificada por el C...
 
EUCA23 - Evolution of cryptographic evaluation in Europe.pdf
EUCA23 - Evolution of cryptographic evaluation in Europe.pdfEUCA23 - Evolution of cryptographic evaluation in Europe.pdf
EUCA23 - Evolution of cryptographic evaluation in Europe.pdf
 
Hacking your jeta.pdf
Hacking your jeta.pdfHacking your jeta.pdf
Hacking your jeta.pdf
 
Evolucionado la evaluación Criptográfica
Evolucionado la evaluación CriptográficaEvolucionado la evaluación Criptográfica
Evolucionado la evaluación Criptográfica
 
España y CCN como referentes en la evaluación de ciberseguridad de soluciones...
España y CCN como referentes en la evaluación de ciberseguridad de soluciones...España y CCN como referentes en la evaluación de ciberseguridad de soluciones...
España y CCN como referentes en la evaluación de ciberseguridad de soluciones...
 
EUCA 22 - Let's harmonize labs competence ISO 19896
EUCA 22 - Let's harmonize labs competence ISO 19896EUCA 22 - Let's harmonize labs competence ISO 19896
EUCA 22 - Let's harmonize labs competence ISO 19896
 
EUCA22 Panel Discussion: Differences between lightweight certification schemes
EUCA22 Panel Discussion: Differences between lightweight certification schemesEUCA22 Panel Discussion: Differences between lightweight certification schemes
EUCA22 Panel Discussion: Differences between lightweight certification schemes
 
EUCA22 - Patch Management ISO_IEC 15408 & 18045
EUCA22 - Patch Management ISO_IEC 15408 & 18045EUCA22 - Patch Management ISO_IEC 15408 & 18045
EUCA22 - Patch Management ISO_IEC 15408 & 18045
 
Cross standard and scheme composition - A needed cornerstone for the European...
Cross standard and scheme composition - A needed cornerstone for the European...Cross standard and scheme composition - A needed cornerstone for the European...
Cross standard and scheme composition - A needed cornerstone for the European...
 
¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?
¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?
¿Cómo incluir productos y servicios en el catálogo CPSTIC (CCN-STIC 105)?
 
Is Automation Necessary for the CC Survival?
Is Automation Necessary for the CC Survival?Is Automation Necessary for the CC Survival?
Is Automation Necessary for the CC Survival?
 
CCCAB, la apuesta europea por la automatización de los Organismos de Certific...
CCCAB, la apuesta europea por la automatización de los Organismos de Certific...CCCAB, la apuesta europea por la automatización de los Organismos de Certific...
CCCAB, la apuesta europea por la automatización de los Organismos de Certific...
 
Automating Common Criteria
Automating Common Criteria Automating Common Criteria
Automating Common Criteria
 
jtsec Arqus Alliance presentation
jtsec Arqus Alliance presentationjtsec Arqus Alliance presentation
jtsec Arqus Alliance presentation
 
III Encuentro del ENS- Usando el CPSTIC/ENECSTI en la administración - Herram...
III Encuentro del ENS- Usando el CPSTIC/ENECSTI en la administración - Herram...III Encuentro del ENS- Usando el CPSTIC/ENECSTI en la administración - Herram...
III Encuentro del ENS- Usando el CPSTIC/ENECSTI en la administración - Herram...
 

Recently uploaded

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 

ICCC21 2021 statistics report

  • 1.
  • 2.
  • 3. ❑ CC data collection with CCScraper ❑ CC statistics for 2021 ❑ CC Statistics for 5 years ❑ Some historical CC statistics ❑ Conclusions Contents
  • 4. ❑ José Manuel Pulido: ❑ Lead Cybersecurity Consultant and Senior Cybersecurity Evaluator at jtsec ❑ Common Criteria expert ❑ CCToolbox developer ❑ More than 10 years of experience in cybersecurity technologies ❑ Speaker at several conferences including ICCC20 About me ❑ Cybersecurity evaluation & consultancy services ❑ Common Criteria and LINCE accredited lab. ❑ Developers of the most powerful tool for Common Criteria, CCToolbox. ❑ Involved in standardization activities (ISO, CEN/CENELEC, ISCI WGs, ENISA CSA WGs, CCUF, CMUF, ERNCIP, …) ❑ Members of the SCCG (Stakeholder Cybersecurity Certification Group) About us
  • 5.
  • 6. ❑ Web scraper written in Python. Created in 2018 by jtsec. ❑ CCScraper collects data about certified products from commoncriteriaportal.org and from the websites of the Certification Body. ❑ Tons of interesting data collected: date of certification, EAL, PP, Product Category, certification lab, etc. and even SFRs used or technical terms in the ST! ❑ Data is interpreted and organized / merged into a list of unique certified products. We generate the statistics from that data. What is CCScraper
  • 7. ❑ CCScraper v1.0 was first presented here in the ICCC in 2018. ❑ Only data from commoncriteriaportal.org was collected. ❑ CCScraper v2.0 was presented in ICCC 2019. ❑ Main feature: add information from CB websites and merge into unique products ❑ CCScraper v2.1 was presented in ICCC 2020, with mainly efficiency improvements and email alerts. ❑ This year we present CCScraper v2.2 with some upgrades for ICCC 2021. ❑ Find changes in CB sites in a quicker and more reliable way. ❑ Improved logic to avoid false duplicates. ❑ Some bugs fixed ☺ CCScraper history
  • 8. ❑ Modification of the name of some labs. ❑ We could include SERTIT (the Norwegian Certification Scheme) after almost two years of website maintenance. ❑ We have had to change the way we constructed the OCSI (Italy) URLs (so we had no access) Latest challenges for CCScraper
  • 9. ❑ With the statistics generated, we publish CC statistics reports in jtsec webpage, at least once per year. CCscraper reports ❑ https://www.jtsec.es/blog-entry/44/common-criteria- statistics-report-for-2019 ❑ https://www.jtsec.es/blog-entry/85/common-criteria- statistics-report-for-2020
  • 10.
  • 11. Statistics – 2021 (9 months) ❑ 286 products certified during 2021 (data from 30/09/2021) 103 89 94 80 85 90 95 100 105 2021 Q3 2021 Q2 2021 Q1
  • 12. ❑ Top certifier schemes in 2021 Statistics – 2021 (9 months) 73 41 41 28 23 18 17 10 8 7 6 5 4 2 0 10 20 30 40 50 60 70 80 US NL DE FR JP CA SE ES MY IT TR AU KR IN
  • 13. Statistics – 2021 (9 months) ❑ The top 3 schemes add up to 55% of the certifications! US 26% NL 15% DE 14% FR 10% JP 8% CA 6% SE 6% ES 4% MY 3% IT 2% TR 2% AU 2% KR 1% IN 1%
  • 14. ❑ Certified products compliance in 2021 Statistics – 2021 (9 months) EAL1 0,70% EAL2 17,89% EAL3 6,32% EAL4 13,68% EAL5 11,58% EAL6 7,72% EAL7 0,35% PP 41,75% 18 6 12 7 8 42 21 8 12 14 5 27 1 12 4 15 12 9 50 0 20 40 60 80 100 120 EAL1 EAL2 EAL3 EAL4 EAL5 EAL6 EAL7 PP 2021 Q1 2021 Q2 2021 Q3 1 1 1
  • 15. ❑ Product assurance level per country during 2021 Statistics – 2021 (9 months) 0 10 20 30 40 50 60 70 80 EAL1 EAL2 EAL3 EAL4 EAL5 EAL6 EAL7 PP JP US DE FR Others NL
  • 16. ❑ Top 10 Laboratories (2021) Statistics – 2021 (9 months)
  • 17. Statistics – 2021 (9 months) ❑ Protection Profile certifications 13,67% 11,67% 17,00% 6,33% 0,00% 2,00% 4,00% 6,00% 8,00% 10,00% 12,00% 14,00% 16,00% 18,00% Security IC Platform Protection Profile Protection Profile for Hardcopy Devices Protection Profile for Network Devices Machine Readable Travel Document Certifications with PP 74% Certifications without PP 26% Certifications with Protection Profiles in 2021
  • 18. Statistics – 2021 (9 months) ❑ PP and cPP compliant certifications in 2021 Network Devices 73% Stateful Traffic Filter Firewalls 16% Full Drive Encryption 3% Network Devices + Stateful Traffic Filter Firewalls 8% Certifications using CPPs in 2021 Collaborative PPs 27% Non-Collaborative PPs 73% Collaborative PPs vs Non-Collaborative PPs
  • 19. ❑ Top 5 manufacturers of certified products (2021) Statistics – 2021 (9 months) = +4 +4 -1 -4
  • 20. ❑ Top product categories (2021) and their evolution Statistics – 2021 (9 months) ICs, Smart Cards and Smart Card- Related Devices and Systems; 29% Other Devices and Systems; 24% Network and Network-Related Devices and Systems; 13% Multi-Function Devices; 10% Data Protection; 4% Boundary Protection Devices and Systems; 4% Operating Systems; 4% Others; 12%
  • 21. 1 6 8 8 0 1 2 3 4 5 6 7 8 9 Arbit Cyber Defence Systems ApS Infineon Technologies AG NXP Semiconductors Germany GmbH Samsung Electronics Co., Ltd. ❑ Manufacturers and categories that obtained EAL6 & EAL7 Statistics – Higher EAL manufacturers Only one with EAL 7 1 2 20 0 5 10 15 20 25 Boundary Protection Devices and Systems Java Card Protection Profile Open Configuration ICs, Smart Cards and Smart Card-Related Devices and Systems
  • 22. ❑ Products uploaded to CC Portal vs products only in CB websites Statistics – 2021 (9 months) 93% 7%
  • 23.
  • 24. ❑ Number of certifications in the last 5 years ❑ Will 2021 be the worst year of the last five? Statistics – 5 years trend
  • 25. ❑ Compliance with EAL or PP of certified products (5 year) Statistics – 5 years trend EAL1 1,62% EAL2 17,75% EAL3 4,85% EAL4 16,35% EAL5 18,30% EAL6 5,64% EAL7 0,17% PP 35,32%
  • 26. ❑ Certifications per country scheme in the last 5 years Statistics – 5 year trend FR 19% US 23% DE 13% CA 6% JP 8% ES 4% NL 7% SE 5% NO 2% KR 2% MY 3% TR 2% IT 2% AU 1%
  • 27. ❑ Evolution of top 6 laboratories Statistics – 5 year trend 0 20 40 60 80 100 120 140 160 CEA - LETI (FR) TÜV (DE/JP) SERMA (FR) GOSSAMER (US) Acumen (US) BRIGHTSIGHT (*) 2017 2018 2019 2020 2021
  • 28. ❑ Evolution of top product categories (five years) Statistics – 5 year trend 129 119 91 147 73 19 4 11 8 10 53 38 47 44 42 59 52 55 76 60 0 20 40 60 80 100 120 140 160 2017 2018 2019 2020 2021 ICs, Smart Cards and Smart Card-Related Devices and Systems Mobility Multi-Function Devices Network and Network-Related Devices and Systems
  • 29.
  • 30. ❑ Number of certifications per country, historical (archived included) Statistics – Historical Trends 16 66 67 98 99 104 117 122 132 149 239 439 544 857 898 1340 0 200 400 600 800 1000 1200 1400 1600 IN IT TR NO MY AU UK SE KR ES NL CA JP DE FR US
  • 31. ❑ Technological terms found in Security Targets Statistics – Historical Trends
  • 32.
  • 33. Global numbers in the end of the Pandemics era ❑ 2021 shows overall a small number of certifications, below the previous five years. ❑ The top certifying schemes show numbers very similar to the ones in 2020 by this date, some schemes are a bit up and some a bit down. ❑ Most of the top certification laboratories don’t show big variations in their numbers with respect to 2021. ❑ Exception: SERMA (3) as lab and ST Microelectronics as vendor (1) in 2021.
  • 34. Global numbers in the end of the Pandemics era ❑ Global numbers, they are very similar to 2020 by 30th September: 286 vs 284. ❑ In last year’s ICCC we were very pessimistic, but it went really up during the Q4, and the year ended with more than 390 certifications. ❑ We expected bigger impacts in certifications started in 2020 and to be ended in 2021. ❑ Here we are and the numbers lead to pessimism again… will we be wrong again?
  • 35. jtsec Beyond IT Security Granada & Madrid – Spain hello@jtsec.es @jtsecES www.jtsec.es Contact “Any fool can make something complicated. It takes a genius to make it simple.” Woody Guthrie