Security
Quality means doing the right thing, even when nobody asks.
We live our culture everywhere
Security culture
- The problem
- When it comes to developing new platforms or implementing new features, the topic of security is just as unsexy as documentation and is often treated very poorly.
- Companies are rethinking things
- Due to numerous, successful and expensive attacks by hackers, many companies have recently started to rethink things. The topic of security occupies a prominent place in software development and is no longer seen as optional. We welcome this development very much, because it fits in with the security culture that we have lived since the company was founded.
- What do we think of it?
- As the development of highly secure software for companies is one of our core tasks, security for us starts right at the bottom with the operating system. Through the consistent use of Linux systems, whether on our workstations or in the high-security clusters we manage in various data centers: communication with our customers, exchange of code and data, as well as our internal processes are shaped by the topic of security.
For our customers
Our developers have a vested interest in the topic of security, which we regularly promote.
- Security guidelines and standards
OWASP, Software Development Guidelines, ISO 27001, ISMS, Common Criteria, ETSI or SDLC are just a selection of the standards we work with every day in our projects.
- Training
Always keeping an eye on new technologies, end devices and market developments while networking with research centers and universities. Speed in the training and further development of our employees is extremely important to us.
- Personal interest
Our employees are characterized by a private interest in the topic of security. From private data protection, securing private systems or private Open Source projects - the topic of security is always present on our coffee machine.
Best Case
Secure by Design
In the best case, the issue of security for a software product is considered holistically and finds its way into all areas of software development.
- Technology and patch management
- The use of current and modern tools and technologies goes without saying. Since the software development industry is extremely fast-moving, appropriate patch management is part of it right from the start. Libraries and packages must be regularly updated in order to close possible security gaps and always remain up to date with the latest technology.
- Data security
- With the EU GDPR, the terms data security and data protection are generally known. But how is data encrypted on hard drives? How can data be transferred securely? And how do you ensure that no one gains unauthorized access rights? We provide answers to all of these questions.
- Secure code
- The four-eyes principle using code reviews has been part of our standard processes for decades when it comes to developing code. Regular pen tests check the developed software for possible vulnerabilities before it is delivered to the customer.
- Security architecture
- When planning software products, the idea of security must be given a central part at the table. Most security gaps can be prevented in advance by a sensible software architecture. Similar to building a house, subsequent changes to the statics (in our case the software) often involve a lot of effort and risk.
- Secure development environment
- It's not just the application itself that needs to be secure. The environment in which the software is planned and developed is also subject to strict security precautions. Our location in Siegen has already been audited several times by the BSI according to Common Criteria.