Our heritage makes us a strong secure development partner
Whether you are developing a product for a specific market or or a generic chipset relevant for multiple markets, Riscure can use years of experience and extensive knowledge of the security field to support you in your development process.
We are your partner that can train in-house talent on security as well as share knowledge and experience as an extension of your development or blue team or function as security testers embedded in your development team.
Our focus is on empowering our customers to efficiently manage the needed level of security allowing you to focus on delivering the functionality of your innovative product.
Prepare for security certification/market access
Riscure is accredited and considered an expert of the highest level by many relevant bodies in several industry verticals. In payment our certification includes EMVCo, PCI, card brands such as VISA, Mastercard, Discover, American Express, and Cartes Bancaires. In the Media market we are the most relevant security testing provider for risk owners such as CAS vendors ( Nagra, Irdeto) and DRM vendors (Microsoft, Google and ChinaDRM). In the common criteria certification domain, we are recognized as a technology savvy vendor that can provide assurance of cutting edge technologies. We have worked also on Industrial, Automotive and general IoT products where certification is only starting for the domain of embedded products (for example with ARM PSA or SESIP).
With such a great overview of different market security needs, you can use Riscure preparatory services to get ready and successfully pass any relevant certification or prepare for your market security needs.
All our developer support services are seamlessly integrated in the relevant design or development stage. These developer support services include gap analysis (for market/certification), readiness preparation as well as pre-certification support such as pre-evaluation, pre-testing and security evaluation tools and training.
Security training and talent development
Riscure offers a complete range of security training for embedded devices as well as component development. Train your team to save costs, reduce risk and build competitive advantage by implementing security by design.
Increase the security maturity of your team. We recommend for the developers to follow our Essential FI with Inspector, Essential SCA with Inspector, and Secure Coding Fundamentals. These training will help your team to boost their knowledge and skills in the secure development process.
Benchmark security test your solution
Riscure offers assessments to help you develop sufficient security for your needs:
- Design and architecture review
- Implementation review
- Software and hardware vulnerability analysis
A security design review of a solution evaluates the high-level architecture, and is performed on both hardware and software components. Having an expert security review during design, your team has the opportunity to correct major design flaws early on and at a very low costs. We find that a majority of security issues in final product originate in fundamental architectural flaws in the beginning.
Software vulnerability analysis is using an expert code reviewer aided with security test tools to find potential implementation issues in software. Since we combine expertise in hardware and software, we are a recognized expert in security issues on the critical hardware-software boundary of devices… Vulnerabilities on the HW/SW boundary are very important to prevent since they cause issues where hackers can attain significant priviliges on a system.
Hardware component vulnerability analysis takes the architecture review a step further by analyzing a particular implementation of a critical system component. As the foundation of security, hardware can be subjected to various attacks that includes logical, fault injection, side channel and physical attacks.
Build security requirements as a risk owner
Riscure has a lot of experience with different security requirement sets aiming to protect solutions and assets in different industries (payment, CC, IoT, media). We have been invited numerus times to support risk owners of different markets to build requirement sets adjusted to the market and technology needs. If you have the need to manage security risks with suppliers and vendors in your market, we can help you build the secure foundation.
Test the security of your supplier products
During your development process, you could be using a component supplier that can affect the security of your product, affect your assets as well as cause liability issues and brand damage to your product. Riscure can help you with security testing of the product component and aligning security guidelines to achieve a successful integration with minimal risks.