Riscure True Code is a software testing solution built with a security focus, specifically including real-world attack scenarios. It allows to identify and fix high-priority security vulnerabilities, thus avoiding the high cost of fixing late, in the field or not being able to meet security regulatory requirements. True Code is a specialized tool, focused on embedded software with high expectations for security, developed in C and C++ languages.
Addressing the hardware attacks in software
Many existing software evaluation solutions focus on the abstract quality of code, which requires developers to go through numerous ‘alerts’, with just a few of them resulting in an exploitable vulnerability. Riscure, as a vendor with more than 15 years of experience in hardware security, understands the need to address software vulnerabilities. After all, even Fault Injection attacks on hardware need to also be remediated in code. Ever-growing complexity of modern software is another key factor that needs to be addressed. While we realize the need of ‘quantitative’ assessment of developer’s work, we wanted to focus on actual vulnerabilities that are likely to be exploited.
Riscure True Code delivers the following benefits:
- Context-driven code review to reduce false positives. While it is impossible to predict all potential weaknesses in a software solution, we focus on what really matters for security.
- Better collaboration and streamlined reporting. True Code was built to reduce the management overhead and simplify cooperation between development and evaluation teams.
- Saving costs and reducing time to market. True Code improves confidence in the robustness of your development. It reduces costs before the project is done by speeding up vulnerability identification. It also reduces chances of costly redevelopment, if a vulnerability is discovered during the production stage.
- Unique hardware security angle. At Riscure we are bridging the gap between hardware and software development teams. Leveraging our experience in hardware attacks, we have implemented ground-breaking code checks that allow your team to spot code practices that may lead to a complete circumvention of security mechanisms.
Rolf van Gent, Director of sales and business development for True Code, comments: “With True Code, Riscure enters a code review market with serious competition. That’s why from day one we wanted to focus on practical value that our solution brings to customers. Riscure True Code does not identify all potential errors in software, but it highlights those that have a high chance to be exploited. We are confident that our customers will benefit from adding True Code to their development infrastructure, by speeding up the development and improving collaboration, and, ultimately, reducing security costs”.
Pricing and availability
Riscure True Code is available on a subscription basis, with the price depending on the customer project size (lines of code). This approach allows our customers to receive updates as soon as they are available. Riscure is committed to expanding the scope of code checks and functionality of our solution. True Code is available as a standalone tool, but can also be integrated into Eclipse IDE.
How to learn more about Riscure True Code?
Visit the product page on our website. Also, feel free to sign up to attend our dedicated webinar, where our experts will demo True Code in real time. This webinar is intended for IoT product managers, team/project leaders, IoT security analysts/architects and secure boot engineers responsible for secure IoT devices developed in C(++) looking to substantially increase the security of their IoT devices by learning more about code reviewing, automated detection of logical and fault injection vulnerabilities and simulation of fault injection attempts. The webinar is scheduled on July 14, with three sessions to suit our customers from all time zones. Use the links below to register. This event is hosted by Rolf van Gent, Director of sales and business development for True Code, and Erwin in’t Veld, Product Manager, Riscure Security Tools.
Sign up to attend:
- The first session (recommended for Middle East and Asia): 8:30 AM CEST | 2:30 PM CST | 3:30 PM JST – Click here to register.
- The second session (recommended for Europe): 3:00 PM CEST | 4:00 PM EEST – Click here to register.
- The third session (recommended for North America): 6:00 PM CEST | 12:00 PM EDT | 9:00 AM PDT – Click here to register.