Codenomicon, the Finland-based security firm that claimed discovery (along with Google’s Neel Mehta) and branded the Heartbleed bug, has launched a new verification program designed to help critical systems manufacturers test the security and robustness of their products.
Dubbed CodeVerify by the company, the program provides security and robustness testing metrics for critical systems, including medical devices, industrial control systems (ICS), networking equipment, software applications, and even for the automotive industry. The program aims to help organizations improve product security as a part of their development process, Codenomicon said.
The verification process has four phases, three of which involve internal work using automated testing tools that allow manufacturers to improve the development process without straining their resources. In the first phase, the product is scanned for third-party and open source components that could pose a security risk. Then, interfaces that are exposed to attacks are identified through a network scan.
In the third phase, protocol implementations are tested using Codenomicon’s Defensics security testing platform which, according to the company, is already successfully leveraged by organizations such as Verizon and the United States Food and Drug Administration (FDA). These verifications are repeated until no weaknesses are found, Codenomicon said.
In the final phase of the verification process, the test results are sent to Codenomicon, whose experts conduct an external review of the product. Once testing is complete, solutions that pass the test are given the CodeVerified status.
“As the Internet of Things continues to progress, a higher level of visibility is required to ensure true safety and security. While our customers have found our tools to be invaluable in helping them build more secure and robust devices, they are looking for a best-of-breed standard to set as a baseline goal for security,” explained Codenomicon CEO David Chartier.
“CodeVerify caters to the demands of these leading companies who have been asking for a benchmarking standard so that as they continue with their testing and analysis, they can easily compare their products against the most mature, secure and robust standards. Using Codenomicon tools allows them to test and gain visibility at the highest levels. CodeVerified confirms this status to the industry at large.”