Trustonic and Riscure work closely together to drive more secure technology implementations. In this whitepaper, the experts of Trustonic and Riscure offer their insights into different certifications and standards, the common misconceptions of the industry, and the Secure Development Lifecycle (SDL). SDL is a process that standardizes security best practices across a range of products and/or applications. Development teams that are required to build an SDL can either build their own or follow pre-defined examples from companies like Microsoft and Cisco. This paper thoroughly discusses both options with professional expertise from both Trustonic and Riscure.
This paper offers an introduction to the Secure Development Lifecycle (SDL) and to the difference between testing, evaluation and certification. It also explains how they apply to the platform and application layers of devices, offers insight into the different certification bodies and requirements, and discusses secure development lifecycles before highlighting the value of certification for key vertical markets and implementations. Throughout the paper, a number of misconceptions are clarified and expert insights are offered.
Security is increasingly becoming a product differentiator and business enabler in devices, and is therefore a necessary basis for successful technical and business innovation. The impact of a successful breach can be catastrophic, with a significant effect on end-user confidence and loyalty. Moreover, in this paper we discuss the relevance of testing, evaluation and certification for two ‘layers’ of a device:
- a secure platform
- an application that can run partially on the secure platform.
This whitepaper is most valuable for development teams interested in implementing secure development, executives such as CEOs and CFOs wishing to prevent reputational and revenue losses, and product managers working on securing their products and data.