SOFTWARE SECURITY,
SECURE SOFTWARE
DEVELOPMENT
in the age of IoT, Smart Things,
embedded applications
some news about software
security in 2015
- Cyber-attacks against businesses ‘doubled in 2015’, by VentureBeat
- Should Software Companies Be Legally Liable For Security Breaches?, by TechCrunch
- 'The IoT is the Internet of Easy Home Hacking', by VentureBeat
Trends up to 2020
„Like the physical universe, the digital universe is large – by 2020
containing nearly as many digital bits as there are stars in the universe.“
- Market Research EMC/IDC
„By 2020, 100 million light fixtures will be network controlled. At least as
many gaps to access sensitive customer data will emerge.“
- Forbes and On World
25 billion networked devices by 2020
R&D activity in the chip industry
the hardware ecosystems
STM secure MCU line
The ST33TPM12LPC has received security certification based on
the certified TPM protection profile (Revision 116) with
Common Criteria Evaluation Assurance Level (EAL) 4+. This
ensures that the product totally meets TCG certification
requirements and is now listed as Certified TPM by the TCG
organization
STM’s Kerkey: Security Module for
Smart Metering Systems
- Protection profile for the Security Module of a Smart Meter
Gateway (Security Module PP)
- ECC support for NIST-P-256
- Digital signature generation and verification with ECDSA
- Key agreement with Diffie-Hellman (ECKA-ECDH) and El
Gamal (ECKA-EG)
- PACE with ECDH-GM-AES-CBC-CMAC-128 for secure
messaging
- On-chip ECC key pair generation
Embedded Security
Infineon Secure MCU line
Embedded security with Common Criteria certified
platforms OPTIGA™ Trust P – All-in-one device for
Authentication
IoT homepage
Infineon IoT landscape
Security matters: The IoT is built on many different
semiconductor technologies, including power management
devices, sensors and microprocessors. Performance and security
requirements vary considerably from one application to
another. One thing is constant, however. And that is the fact that
the success of smart homes, connected cars and Industrie 4.0
factories hinges on user confidence in robust, easy-to-use, fail-
safe security capabilities. The greater the volume of sensitive
data we transfer over the IoT, the greater the risk of data and
identity theft, device manipulation, data falsification, IP theft
and even server/network manipulation
IoT security
secure software
development approach
webinar
Build Your Software Securely
It’s challenging to keep pace with the rapidly changing
development environment while ensuring security and
compliance requirements are not compromised.
The Ten Best Practices for Secure Software
Development
“In the 80’s we wired the world with cables and in the 90’s we
wired the world with computer networks. Today we are wiring
the world with applications (software).
Having a skilled professional capable of designing, developing
and deploying secure software is now critical to this evolving
world.”
Mark Curphey,
Director & Product Unit Manager, Microsoft Corporation,
How to develop software the secure, Gary
McGraw way
Ensuring security in software, Gary McGraw has long argued,
means starting at the code level: That is, build security in from
the start. McGraw, chief technology officer at Cigital Inc. and
recognized as the industry's foremost software security expert,
has said that enterprises too often focus on repairing damage
post-breach and fixing bugs after launch. Instead, he argues,
greater attention to security in the earliest stages of software
development would greatly reduce the percentage of successful
attacks, and minimize damage when malicious hackers do
succeed.
Testing, Inspection and Certification
(TIC) industry role
- Common Criteria -
Why is CC recommended for developers?
1. Common Criteria is a standard for Information Technology
Security Evaluation which is, true to its name, commonly
accepted all over the world, in 25 countries.
2. The standard defines how to structure a product's security
requirements, either in an implementation-independent structure
called a Protection Profile or in an implementation-dependent
structure called a Security Target, making it possible to create a
security requirement construct that truly fits the product.
3. The security requirements are set up in a system based on the
assets of the product, and the threats to be countered, taking into
consideration the security policies and assumptions, satisfying
the security objectives . . .
Learning the latest technology:
IoT, hardware security, software
security
IoT certification
Learn about IoT device, hardware security...
online courses
sw security
hw security product mgmt
External service providers in the value
chain: Providing Trust - Security
intro DoSell solution providers
Software & IT Security Evaluation Services
A Common Criteria accredited laboratory offers consultancy and
evaluation services as a Certified Evaluation Facility.
• Card applets (ID cards, access cards, signature cards, etc.)
• Detection Devices and Systems (Log analysers, Vulnerability
managers, etc.)
• Data Protection Software (Backup solutions, Cryptographic
solutions, etc.)
• Access control systems (Access analysers, Authentication systems,
Policy managers, etc.)
• Boundary Protection Systems (Software firewalls, Secure messaging
platforms, etc.)
• Other systems (Mobile computing, RFID systems, IoT, embedded
application, Smart metering etc.)
Secure Software Development HUB
Back-end architecture development: Java EE - OSGi, node.js
Enterprise Architecture Development end-to-end
Large scale CMS, E-commerce system development
RAD technology (framework)
Rapid application development: Angular JS
In-depth cryptography and software security solutions
for Start-up: up to MVP end to end product design, management
Scrum Project management, and Business Analyst service
Scrum teams outsourcing
CONTACT US
TIBOR.ZAHORECZ@DOSELL.IO
