The Trusted Computing Group (TCG) as a standards organization is committed to receiving and responding to reports of potential vulnerabilities in TCG-developed technologies such as specifications, reference code, and reference documents. Our goal is to provide our adopters with timely information, guidance, alpha pharmacy online shopping and mitigation options to address vulnerabilities. The TCG Vulnerability Response Team (VRT) is chartered and responsible for coordinating the response and disclosure of specification vulnerabilities that are reported to TCG. A security vulnerability is classified by its severity rating, which is determined by many factors, including the level of effort required to exploit a vulnerability as well as the potential impact to data or business activities from a successful exploit.

Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment. Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.

Trusted Computing

These specifications include the TPM Software Stack specification (TSS) and separate specifications for PCs, mobile, embedded and virtualized platforms. TCG has released the TPM 2.0 Library specification that provides updates to the previous published TPM main specifications. TCG recommends that reporters also contact the Vulnerability Response Teams for the vendor whose implementation contains the potential issue. Please submit any comments or feedback on the above-mentioned specifications to TCG Administration. The TPM 2.0 specification is a "library specification", which means that it supports a wide variety of functions, algorithms and capabilities upon which future platform-specific specifications will be based. The TPM 2.0 specification will be used as the basis for creation of TPM specifications for different platforms.

Intel Highlights Latest Security Investments at RSA 2020

TCG uses the Common Vulnerability Scoring System version 3.1 (CVSS v3.1) to identify the severity level of identified vulnerabilities. TCG follows multi-party coordinated disclosure practices, under which vulnerabilities are generally publicly disclosed only after mitigations are made available to customers. This allows the vendors the opportunity to triage and offer tested updates, workarounds, or other corrective measures before any involved party discloses detailed vulnerability or exploit information to the public. Multi-party coordinated disclosure industry best practices is designed to protect technology adopters. Public disclosure of a potential vulnerability before mitigations are deployed could allow adversaries to exploit the vulnerability.
Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems. TCG strives to provide the remedy or corrective action in the shortest commercially reasonable time. TCG VRT will coordinate with the finder throughout the vulnerability investigation and provide the finder with updates on case progress. Other TCG specifications detail how the TPM can be implemented in various platforms through TCG platform specific specifications.