Riscure announces that it has won a grant from the Netherlands Enterprise Agency (Rijksdienst voor Ondernemend Nederland) to further develop fuzzing techniques to discover security vulnerabilities in embedded devices. The purpose of this initiative of the Dutch government institution is to advance device security and relevant knowledge in general. Riscure’s current developments of fuzzing in their own True Code software product were proven to be effective and worthy of further exploration.
Riscure’s True Code initiative aims to bring security capabilities and knowledge closer to the designers and developers of devices and embedded software. In this industry, the security of software is particularly important since exploitable vulnerabilities can eventually be used to compromise the entire security chain of a device. Among different methods to assess the security of code, fuzzing has been one of the most prominent recently because it offers an automated way to identify vulnerabilities, such as improper handling of input data.
However, in embedded code with its close connection to specific hardware, fuzzing is rather hard to implement in order to be effective. Riscure’s existing fuzzing functionality in True Code already allows development teams to apply this evaluation method during development and reduce the number of security errors in production. Riscure’s efforts were recognized as important research that helps improve the overall device security. Therefore, Riscure was awarded a grant to continue research in this direction and further improve fuzzing capabilities.
More information about Riscure True Code is available on our website. If you would like to discuss how to apply fuzzing to your embedded software development, please get in touch with us via firstname.lastname@example.org.