The project’s main goal was to develop, implement and evaluate processes and tools for handling vulnerabilities in third party software components. This is related to the well known area of software component analysis (SCA). Debricked takes some of the research results, extends and improves them, and offers them to the market.
What Debricked does
Security is not a tool or a practice that can be applied once with the hope of solving all past, current, and future problems. Debricked strongly believes that secure products can only be achieved by increasing awareness in all parts of an organizations, have well defined policies and activities for working with security, and on top of that have tools that are used to make the security process more efficient, accurate, and complete. Many companies are today left with the option to use third party consultants for auditing, reviewing and testing security. While this certainly increases the awareness, and hopefully the security, of developed and maintained products, the long-term solution is instead to make sure that the awareness penetrates all parts of the organization.
Based on this, Debricked today offers a complete solution for improving the handling of vulnerabilities in software, including
- Tools for efficiently identifying, prioritizing and evaluating vulnerabilities in third party components
- Customized training packages that allows customers to better understand and take actions upon discovered vulnerabilities
Our tool maps the software components used in products and releases to known vulnerabilities in these. It also provides a highly customizable interface for tracking and comparing different products and components in order to determine how a product’s security is developed over time. Performance is improved through the use of machine learning and natural language processing and the tool also takes advantage of recommender system techniques in order to make customer specific prioritization of vulnerabilities.
Our training packages focuses on increasing the security awareness and technical security competence in an organization, and is suitable for all parts of the organizations from developers and product owners, to maintenance and sales. Our training packages typically takes the form of lectures combined with practical sessions. Debricked also offers a Capture-the-flag event combined with short presentations, allowing the participants to get a thorough learning experience focused on a specific subject.
In addition to this, Debricked offers services such as penetration tests and secure protocol, software and algorithm design.