Commend partners with SBA to enhance cybersecurity in product development

MAHWAH, N.J. – Security and communications provider Commend is celebrating what it calls a milestone following its collaboration with SBA Research on cybersecurity.

Since March 2022, a joint research project has seen experts with both groups that had been focusing on the security-critical aspects of Commend’s software development. Their key objective the company said was centered around the ability to run rigorous systematic security analyses and tests already at the very earliest stages of product and software module design. Commend implemented the principle of “Privacy and Security by Design” as the standard for developing Cloud-native “Symphony” products. As a result, the products come with IT security embedded firmly in their technical genes from the earliest stages of development.

“It’s a crucial ability to have as a developer of Cloud-native solutions such as our Symphony platform,” Commend’s project leader, Klaus Hirschegger, explained. “Working with SBA Research has allowed us to implement methods for checking individual parts of our software for potential risks at extremely early stages of the coding process. This way, we can make appropriate changes and take the necessary precautions before taking the applications to the next stage. In technical terms this is referred to as a ‘shift-left approach’ to software development. This means that security tests are no longer performed at the end of the development phase, as used to be the case until not long ago. Instead, these tests are run at critical junctures throughout the entire development process. It’s an efficient way to prevent security vulnerabilities in the finished product.”

Commend said that these efforts are all bundled under the overarching term, “Privacy and Security by Design”, and that this is made possible by leveraging the latest research from areas such as mathematical modelling and security testing, as provided by the MATRIS Research Group.

“I’m always fascinated to see how research and methods from international cooperations find their way into practical products and services. Especially complex industrial systems and processes profit hugely from these kinds of synergies,” said SBA’s project leader, Reinhard Kugler. “It’s knowledge from all kinds of different fields such as security testing, machine learning or threat modelling that provide the necessary basis. They all combine to enable security assessments and tests during the concept and design phase even before even a single line of code is written. Best of all, this allows the software engineer to track data flows back to the very code lines that generate them.”

As a result, Symphony passed its testing regimen with flying colors, being able to fend off attacks in pen testing. While Head of Commend R&D Michael Thalhammer notes there’s no such thing as 100% perfect cyber-protection, their latest research allows them to put their design principles into practice, letting them get close to that standard.

More information on products and services available at www.commend.com.