Focus on Safety
Today, software controls all important machine and business processes
Informationally and functionally secure software and firmware is a basic prerequisite for reliable, secure and efficient utilisation of business processes, machines and devices.
Software development begins with source code: text written in a high-level language that contains the instructions for a programme. Source code therefore defines a programme's functionality and is the foundation of every IT application and system. Every digital tool, every application and every system begins as source code.
Whether operating system or application, software performs specific tasks - from the management of system resources to the execution of user applications. At hardware level, it performs the basic functions of a device as embedded software or firmware.
This results in three main objectives that are typically pursued during programming:
Whether it's a smart home system, enterprise application or IoT device - code analysis is essential for finding and eliminating errors and vulnerabilities. The analysis can be carried out both at source code level and at binary code level, but the methods have different strengths and areas of application. Source code analysis, known as static application security testing (SAST), examines the source code of software, while binary analysis examines the compiled code.
If the source code is available, a static software analysis is the preferred approach, as this allows potential security vulnerabilities to be identified early on in the development phase. It also ensures that the code is written according to certain security standards. This is why source code analysis is also part of high-security testing and certification, such as Common Criteria. Binary analysis can also be used to analyse software whose source code is not available. In this way, hidden threats in third-party components and proprietary libraries can be uncovered.
Automated source code analysis uses tools to identify security vulnerabilities and code errors. It delivers fast and consistent results, but it recognises complex, context-dependent errors poorly. This is why IT security experts also perform manual software reviews, which allow in-depth checks and an assessment of code quality in context. Software testing and certification then provides formal confirmation of compliance with standards, which increases trust among customers and business partners and demonstrates compliance with legal and industry-specific requirements. These approaches complement each other and together form a comprehensive strategy for ensuring software quality and security.
There are currently various evaluation and certification systems, all of which aim to increase the certainty that components and systems offer adequate protection against cybersecurity attacks. However, certification can only address attacks that are known today, with a limited outlook into the future. When examining today's certification systems, one common feature can be identified to mitigate this limitation: the requirement for the product to provide means to fix a security vulnerability at any time, even after successful certification. At first glance, this may sound like a contradiction to security certification, but it is more a reflection of what consumers are already used to: frequent patches distributed to our personal computers on well-planned, regular patch days.
Another observation one can make when comparing today's certification schemes is that they address the security of the product or industry-specific functionalities of the component or system and add the requirement of a (secure) patch mechanism.
However, the reality is often different, especially when considering embedded devices such as integrated circuits (ICs) or system-on-chips (SoCs). Here, in contrast to pure software development, the lead time for wafer production and wafer testing becomes a decisive factor and often forms the bottleneck for time-to-market considerations. It is therefore advantageous to bring forward these time-consuming steps and to have solution-agnostic, universal hardware paired with a universal firmware loader available before the start of solution-specific firmware development. At the same time, decoupling these steps also simplifies logistics on the manufacturer's side.
To address this industry approach, the TÜVIT firmware update evaluation concept presented here only evaluates the patch or firmware update mechanism, regardless of the functionalities for which the component or system is ultimately used.
The certificate is valid for two years.
Certification by TÜVIT provides proof of trust and security vis-à-vis business partners and customers, even though, or especially when, the final use case has not yet been determined.
Yes, in particular there is the option of adapting the depth of evaluation, and therefore the time and costs of the test, to the expected attack potential. Further details can be found in the certification concept.
Absolutely! The concept provides for penetration testing after a prior design and code review. If the TÜVIT experts discover weaknesses at this stage, these are addressed to the manufacturer, thus improving both the product and the chances of successful certification.
Basically yes. A secure FW loader is the basis of every secure IT product. Certification methodologies such as the Common Criteria or IEC 62443 therefore justifiably require a security check of these functionalities. When developing the set of criteria, we therefore paid particular attention to the possibility of reuse for a wide variety of applications.
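The secure patch mechanism and secure FW loader referred to above are described only in outline on this page. The following is an added example, not TÜVIT's code and not any vendor's real loader, showing the checks such a mechanism has to get right before it accepts an update: strict parsing of the image, signature verification over the whole image, and an anti-rollback comparison against the installed version. The image layout (`magic | version | payloadLen | payload | signature`) and the choice of Ed25519 from Go's standard library are assumptions made for this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed image layout for this example (not a real vendor or TÜVIT format):
//   magic[4] | version uint32 BE | payloadLen uint32 BE | payload | signature[64]
// The Ed25519 signature covers everything before it, so version and length are authenticated too.
var imageMagic = []byte("FWU1")

const hdrLen = 4 + 4 + 4

var (
	ErrTruncated    = errors.New("image shorter than its header claims")
	ErrTrailingData = errors.New("unexpected bytes after signature")
	ErrBadMagic     = errors.New("bad image magic")
	ErrBadSignature = errors.New("signature verification failed")
	ErrRollback     = errors.New("image version lower than installed version")
)

// BuildImage is the vendor side: serialise header and payload, then sign them.
func BuildImage(priv ed25519.PrivateKey, version uint32, payload []byte) []byte {
	var buf bytes.Buffer
	buf.Write(imageMagic)
	binary.Write(&buf, binary.BigEndian, version)
	binary.Write(&buf, binary.BigEndian, uint32(len(payload)))
	buf.Write(payload)
	buf.Write(ed25519.Sign(priv, buf.Bytes()))
	return buf.Bytes()
}

// VerifyImage is the loader side. Order matters: bounds checks first so that a forged
// length field cannot cause an out-of-range read, then the signature, and only once the
// image is authenticated the anti-rollback comparison against the installed version.
func VerifyImage(pub ed25519.PublicKey, installed uint32, img []byte) (uint32, []byte, error) {
	if len(img) < hdrLen+ed25519.SignatureSize {
		return 0, nil, ErrTruncated
	}
	if !bytes.Equal(img[:4], imageMagic) {
		return 0, nil, ErrBadMagic
	}
	version := binary.BigEndian.Uint32(img[4:8])
	payloadLen := binary.BigEndian.Uint32(img[8:12])
	maxPayload := len(img) - hdrLen - ed25519.SignatureSize
	if uint64(payloadLen) > uint64(maxPayload) {
		return 0, nil, ErrTruncated
	}
	signedEnd := hdrLen + int(payloadLen)
	if signedEnd+ed25519.SignatureSize != len(img) {
		return 0, nil, ErrTrailingData
	}
	if !ed25519.Verify(pub, img[:signedEnd], img[signedEnd:]) {
		return 0, nil, ErrBadSignature
	}
	// Equal versions are allowed (reinstall); anything older is rejected as a rollback.
	if version < installed {
		return 0, nil, ErrRollback
	}
	return version, img[hdrLen:signedEnd], nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	payload := []byte("constructed firmware payload")
	img := BuildImage(priv, 7, payload)

	v, _, err := VerifyImage(pub, 6, img)
	fmt.Println("genuine update: version", v, "err", err)

	tampered := append([]byte(nil), img...)
	tampered[hdrLen] ^= 0x01 // flip one payload bit
	_, _, err = VerifyImage(pub, 6, tampered)
	fmt.Println("tampered image:", err)

	_, _, err = VerifyImage(pub, 8, img)
	fmt.Println("older image:", err)
}
```

In a real loader the public key and the installed version counter would live in immutable or monotonic storage (ROM, OTP fuses or a protected NVM slot), because the checks are only as strong as the integrity of those two inputs; that storage, not the comparison logic, is usually where an evaluation focuses its attention.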
Good reasons that speak in our favour