Brightsight - Your Partner In Security Approval
With our code audits and design reviews we support developers in designing and implementing secure (embedded) products. During a design review, our security experts assess the different security mechanisms that are present in the system design. During a code audit, the security mechanisms as actually implemented are verified. Both processes lead to a written report, which enables a developer to specifically address any potential security gaps and improve the overall security of their product. Consequently, if certification is required for such a product, it will undergo the evaluation process in an efficient way.
In many types of certification, code audits and design reviews are required work items. A large part of a vulnerability analysis - the assessment of the strengths and weaknesses of a product - is based upon the results of a code audit and design review. A well-performed code audit and design review increase the correctness of the implemented security mechanisms and hence the assurance against attacks that may be directed at the product.
It may be useful to perform a code audit and a design review outside the scope of a certification - for some product categories a certification scheme may not even exist. We can offer a tailor-made process to assess the security mechanisms implemented in these products.
We have extensive expertise in the area of code audits and design reviews. Our experts are familiar with all programming languages used to implement the software of embedded products, ranging from high-level languages, such as Java (Card) and C, to the low-level assembly languages of the different hardware platforms.