HomeNewsInterviewsAnalysisArticlesIssuesWho We AreEventsContact

BEAM Technology : Software Verification and Evaluation Center

12 February 2013 · 14:57
Issue 40News

BEAM Technology has been operating as an independent Software Verification and Evaluation Center since 2011. Upon completion of a software testing infrastructure investments inside Technology Development Center of Middle East Tecnical University, BEAM Technology started to work with government agencies, enterprises and defence contractors worldwide. By reaching annual goals even from its first year of establishment, BEAM sets its vision to satisfy whole quality and security assurance requirements of its clients and becomes one of the most reputable evaluation facility globally.

BEAM Technology is providing solutions and services in order to increase the security and quality of software products either developed or procured. By using international standards and best practices BEAM Technology is reducing the development costs as well as increasing the quality of the outcome significantly.

In order to achieve the business objectives, BEAM Technology is continously investing for R&D. With the support of an EUREKA Standard Fund, BEAM Technology is developing its own Code Review Automation Solution named "CODCORE" with the total budget of 600K USD. On the other hand, BEAM is also working on automating dynamic and static security analysis over cloud as a service.

Currently, BEAM Technology is supporting its clients mainly on Secure Software Development process and collaborating with defence contractors either during internationally recognized certification phase or formal verification of system requirements during development and integration.

BEAM Technology has a deep knowledge and implementation experience on Common Criteria Standard, which is accepted as IT Security Evaluation Criteria in more than 26 countries. Since the standard is depending on independent verification of security and assurance requirements of a product, BEAM Technology can support vendors either at development phases or phase according to the nature of the IT product.

Even though the threats and security risks on operational enviroment of Defence Projects are limited, the attack potential on the environment is usually "high" and thats why security requirements of any project should assessed completely and carefully be during the analysis phase. A well defined and complete threat modelling and risk assessment should be done before the design phase, which will be mapped and traced during implementation and testing of the solution. Since Common Criteria Standard is setting up the formal method for secure development, implementation and testing of IT products the compliance to this standard will significantly increase the level of security as well as increasing the development capability of the vendor. With a verified and certified solution, the vendor also finds the opportunity to access more than 26 different markets with a secure product label including US, UK, Germany, Japan, Canada and etc.

Over the years of software evaluation, BEAM Technology has gained a solid experience on many team’s approaches to software development and implementation as well as flaws that exist on those approaches. Mostly, these flaws are detected during developer’s own testing, other times BEAM’s independent testing or vulnerability analysis. The common characteristic of these flaws is that the cost to fix these flaws as soon as they are introduced in the products is much more lower compared to its fix during vulnerability analysis. This fact has lead BEAM to introduce a product to allow developer’s themselves to detect those fixes, namely CODCORE. CODCORE, is a review environment for developers to review their code with the aid of computer, in other words static analysis. CODCORE seeks to provide an environment for developers to review each other’s code in an efficient manner to identify flaw at development time, as well as to increase collaboration between team members and build a common development culture. The overall aim is to help developers to develop maintainable software on time, within budget.

According to our core abilities, BEAM Technology completed plenty of projects with government agencies, enterprises and defence contractors. Within one of these projects, BEAM Technology supported to Energy and Natural Resources Ministry, under verification phases and it has been completed successfully. In this manner the quality, security and performance of the software have been increased.

Within the Common Criteria Standard capabilities, BEAM Technology has also supported to the evaluation of the product that is developed by ASELSAN, in EAL 4 level. Also there are two projects that are still in progress with Labris and Netsafe in EAL4+ levels.

Even its second year on business, BEAM Technology manages to complete challenging software verification and assessment projects both at Defence, Energy and Finance sectors with success. In the following years, the experienced team of the company is planning to extend its domain worldwide especially on defence industry in order to satisfy the quality, security and safety requirements of Software Projects.