Security automation is relevant if you seek continuous security analysis of software. The benefit of security automation is that developers will be more free to focus on what is seen and enjoyed by customers, and the company as a whole will be less vulnerable to cyber attacks. Security automation is increasingly adopted by both big tech companies and startups as a way of ensuring security of software as it is being developed.

Our software automation team has many years of collective experience in this area, here are some examples of what we have been involved in previously:

• Security analysis tooling integrated into CI/CD pipelines
• Dynamic analysis and fuzzing integration into software
• Development of extensive fuzzing suites
• Static analysis integration and static analysis tool development

The value brought by security automation is an increased and constant monitoring on the security of your software. This is crucial for projects that move fast and change on a rapid basis, since security automation will be significant in catching bugs early in the development process.

The result and deliverable of our security automation services comes as security analysis integration into your projects in the form of code. We can submit code patches to your repositories and set up proper infrastructure for running the security analysis procedures.

Examples of security automation deliverables include:

• Fluent bit fuzzing: CNCF blog post and full report
• Linkerd2-proxy fuzzing: Linkerd2 blog post and full report.

Our software auditing service is the traditional process to secure software by manually analyzing software in order to capture potential flaws. Assessing the security of a modern software package is a complex task that requires expert knowledge and skills and our team of elite security engineers can help you audit your software for security flaws and compliance issues. We can help with tasks such as identifying vulnerable code patterns, analyse the thread model and capture incorrect business logic.

The value from our software auditing services is increased understanding and confidence in the security of a software package. This is needed for any modern software package that is used in a manner where a potential compromise can have negative effects on your business.

The result and deliverable of our auditing service is a report describing the complete auditing process undertaken. This includes initial analysis of the software as well as a detailed description of the issues and vulnerabilities found, and the threat model used.

Example deliverables include:

• Auditing Envoy Proxy fuzzing infrastructure for improvements. Full report

We offer a service for continuous bug fixing software as it evolves. Fixing bugs can in some instances take weeks, resulting in a huge delay on the release of a project. The bug will need to be fixed regardless of how it is done - the choice is whether developers continue to produce more software or spend time correcting what they have already produced. Hiring external bug fixers shifts responsibility away from software developers, allowing projects to remain on schedule and secure.

This service largely arose due to the nature of increased security automation that has resulted in bugs being discovered on a regular basis as projects develop. Our bug fixing service is a monitoring service that combines well with our security automation service. When bugs occur our analysis team will analyse the flaw and propose mitigations.

The value behind continuous bug fixing is that it frees up time from your developers to focus on features as well as increased assurance in high quality patches being used for the bug fixes. This service works well for software packages that are large and where the issues found by security automation require complex mitigation patches.

The result and deliverable of our continuous bug fixing services is through code patches as well as a constantly evolving report documenting all of the fixes applied to your software.

We offer research and development services in areas around software security tooling. Our team of researchers have extensive experience developing security products in both industry and academia. We can help in all stages of your project, such as idea generation and problem solving, implementation as well as using your product to have impact. Our expertise are in the areas:

• Automated vulnerability analysis
• Program analysis
• Security automation
• Binary analysis
• Software verification

The value and deliverables of our research & development services differs a lot between the projects we engage with. In the majority of cases, the result of an engagement is a software tool that can be used in practice and thus the value comes in the form of a pragmatic tool. In most cases the resulting tool constitutes a new product for our client and we have experience both developing products used for internal use by our clients as well as external client-facing products.

In addition to our standard online self-paced courses we also offer tailored software security training. This can be both content creation for in-house topics that revolve around your own products or extensions to our existing courses in more specialised fields.

We can deliver the tailored training based on our proprietary software security training platform, which means we can deliver self-paced training focused on your content and have it scale to all of your employees. The platform has extensive features for content delivery as well as interactive learning which means you will get a high-quality course that can be used to rapidly upskill your employees.

The value from tailored training is that we can create content focused on your needs and reduce the time needed for your employees to upskill in your specific area. The deliverable of a tailored training is the course contents as well as delivery of the training.