Our heritage makes us a strong secure development partner
Since 2001, Riscure has been at the forefront of creating new methods to evaluate the security of embedded and connected devices. Our analysts are among the best globally and continue to research challenges with security while they work at Riscure. At the same time, analysts work on hundreds of projects, enabling you to tap into an unparalelled experience base.
Riscure also continuously develops tooling and training to enable you to “help yourself” during development, whenever tooling or internal resources could in fact replace manual effort by a third party.
Secure development services we offer
Embedding security expertise in your development team (posting)
Our security analysts are among the best in the world and an outstanding added value to your development team as they aim to achieve a robust security result. From requirements design, to secure coding support and all the way to final verification, our embedded experts will drive a better result, faster! Ask us how we can bring the best support to your development team.
Security Canvas workshop
Enable your development team to start security by design in a war-games like setting with one of our analysts. Objective of the service is to have your team think through assets to protect, attacker profile, threat models and a series of attack trees which will help guide development. More information here.
Security requirements design
We have extensive experience with security requirements design for both schemes and vendors. Create crystal clarity for your and your supply chain 3rd party development teams around the security result you are aiming for.
Secure integration support
One of the most critical challenges to obtain a secure end-result is the integration of a variety of components as well as hardware, software, drivers and applications. Our analysts often see critical errors in that area and can assist you in avoiding mistakes and/or fixing identified problems.
What is the most secure solution? You know you want to integrate a third party offer in your device, but are not sure which of the options is the best or most relevant choice? Let our team test through the options and demonstrate pros and cons of each, so you can make the best choice.
Secure development knowledge transfer
How to spot and test for hardware and software vulnerabilities. How to protect secure boot. How to avoid common (in)secure coding mistakes… Riscure Training Academy provides both public as well as custom training options to step-change your capabilities. More on Training Academy.
Embedding security in end-to-end systems architecture
With the progressive move towards an IoT, network enabled and connected landscape, the security question ranges from the endpoint to the server and whether a solution is “robust” will depend on the security choices taken across that landscape.
With extensive and senior experience in security from chips to endpoint devices to communication hubs and server applications, our Principal Security Analysts can assist your engineers in designing an architecture “fit for purpose” with the necessary security measures at the right points in the system.
Architecture (design) review
Solve security problems early and avoid the massive costs (sometimes 1000x) of fixes late in development. Our analysts review your proposed architecture or design and will be able to point out weaknesses, so you can fix them before development gets too far along.
As part of our devops offer, we can sync up our Software VA (vulnerability analysis) team and your software development team to spot code vulnerabilities and enable your team to course correct during development. Our IDE intergation tool will allow teams to collaborate effectively around the diagnostic findings. More on Vulnerability analysis.
Riscure Assurance Program
Riscure provides you with the opportunity to evaluate your device or solution against a set of requirements and, upon passing evaluation and penetration testing, receiving a Riscure Assurance certificate for the specific category of device. This enables you to demonstrate security performance of your solution towards your own client, without having to resort to handing over a security evaluation report including a large amount of potentially IP sensitive information.
Company lab support for SCA and FI
Our well-trained analysts are at your disposal for on-site assistance to help you get the most out of your use of SCA and FI tooling.