Cyber security in embedded SW design

Create a security model for the product

Understanding your key assets and threats are core issues when creating the security model of your new product. Creating a security model means designing the security controls in such a way that identified threats are mitigated and the attack surface is minimized. These are the core principles of security by design.

Security by Design and DevSecOps

At Etteplan the security by design principle is taken seriously. For instance, threat modeling with help of a security expert helps our development teams identify the threats and design the proper mitigations. Threat modeling and other security tools and methods make products secure enough to be part of safety critical systems.

We call our process as DevSecOps. Security is everyone’s responsibility and it is embedded in our R&D process.  The value of our service is that the customer doesn’t need to worry about cyber security when the product is ready.

Fuzzing is fun and the HW debugger is our favorite tool

One concrete practical example of our core competencies in cyber security is negative testing, e.g. fuzzing with the Bluetooth protocol. Fuzzing is one of the most effective ways to find 0-day vulnerabilities in the latest IoT protocols for instance. Read more about fuzzing here.

Also, passion for work with hardware, e.g. playing with oscilloscopes and different HW debuggers, makes our people superb hardware hackers!

Reading tip

A good read for understanding secure software development is Ficora’s (Finnish Communications Regulatory Authority) ’Turvallinen tuotekehitys’ guidelines (available only in Finnish).