TrueDeploy

Lead Participant: EDINBURGH NAPIER UNIVERSITY

Abstract

Cybercrime is estimated to cost the world economy $10 trillion annually by 2025, up from $3 trillion in 2015. We have transitioned to a world where every business is underpinned by technology. Software remains the weakest link. This is because software is composed of various code libraries developed by others, much as a car is made up of many thousands of components. These software libraries are developed by third parties, and it is difficult, if at all possible, to gain visibility into their development practices.

In a recent audit by Synopsys of over 1700 codebases, 96% contained open-source code, and 84% had at least one vulnerability. 54% of these also had licensing conflicts. Knowing the 'ingredients of the cake', the provenance of all software components, is critical but often overlooked. Recent cyber-attacks (SolarWinds, Kaseya) and open-source code vulnerabilities (Log4j) have highlighted security challenges in the software supply chain.

However, many organisations are unable to address these issues because of a lack of knowledge and a skills gap in the market. Those who do address them currently have to perform an extensive, tedious and time-consuming exercise: gathering data from multiple siloed systems to answer questions that are typically presented in a spreadsheet.

TrueDeploy eliminates software security and dependency risks by simplifying the process of developing, supplying and securing software. TrueDeploy's vision is to make software secure by creating a new standard for software security. Our product seamlessly integrates with the systems software engineering teams already use and provides a single view of a company's security status. Additionally, our solution helps companies tackle their software security challenges through insights and recommendations that are aimed at non-security-savvy personnel as well. This reduces the time and cost associated with the development process, making it easier for organisations of all sizes to deploy secure software.

User testing highlighted that companies must provide information on their current development processes to third parties. This is a time-consuming process that requires specialist skillsets, and the data is scattered across many disparate development systems. Key personas within each target company clearly state that the need to gather and report on development artefacts relating to how they develop secure software is a real pain point and significantly detrimental to their business.

Among its other advantages, our innovation is in line with the US presidential mandate, as the security model it advocates follows the NIST 800-218 software security specification.

Lead Participant             Project Cost   Grant Offer
EDINBURGH NAPIER UNIVERSITY  £59,926        £59,926
