Contact
QR code for the current URL

Story Box-ID: 964651

achelos GmbH Vattmannstraße 1 33100 Paderborn, Germany http://www.achelos.de
Contact Mr Prof. Dr. Eric Bodden +49 5251 5465150
Company logo of achelos GmbH

In a joint CogniCrypt transfer project, Fraunhofer IEM and achelos improve the quality for secure software implementation

There are many potential pitfalls when using cryptographic APIs

(PresseBox) (Paderborn, )
Veracode published its new State of Software Security Report in January 2019. Producing this report involved analysing over two trillion lines of code over a full year. The results are alarming. More than 85 percent of all applications investigated display at least one weakness, many of which have been occurring for years and often affect cryptography.

This is precisely where the Fraunhofer IEM comes in with CogniCrypt, a tool for static code analysis. The product provides information on the quality of the program code and the cryptographic libraries used. In the "It’s OWL" transfer project, Fraunhofer IEM and achelos GmbH spent four months working together on further developing CogniCrypt. The results were incorporated in the open source product in the form of a knowledge transfer and added support for other cryptographic libraries.  

Continuous knowledge transfer in the transfer project

The security experts at achelos incorporated the product in the continuous integration process of their software development operations and tested the tool. achelos was able to contribute its profound cryptographic knowledge within the scope of the project and made a valuable contribution to the development of CogniCrypt. Within the project, CogniCrypt was enhanced by new sets of rules. The new rules allow CogniCrypt to detect security vulnerabilities when using other libraries (Bouncy Castle). The rules defined within the project are fully compliant with Technical Guidelines 02102-1 of the German Federal Office for Information Security (BSI).

CogniCrypt makes software development more secure and high-grade: The tool also supports the experts at achelos during code reviews, as the tool provides proof that the application interfaces (APIs) have been used correctly. "The cryptographic expertise of achelos brought us significant added value in the further development of CogniCrypt," comments Dr. Johannes Späth, Senior Expert at Fraunhofer IEM, summarising the successful cooperation with achelos. "Security and cryptography rank among our core competencies. In the project with Fraunhofer IEM, we were able to incorporate our practical experience in the high-performance tool," adds Kathrin Asmuth, Managing Partner at achelos GmbH.

About CogniCrypt
The CogniCrypt tool was developed within the scope of the CROSSING Collaborative Research Initiative at the Technical University of Darmstadt and in cooperation with the Heinz Nixdorf Institute at the University of Paderborn. It allows companies operating in the field of security and cryptography to identify and then eliminate security-critical misuse of cryptographic libraries quickly and reliably, as well as to generate secure cryptographic integration code for various common usage scenarios fully automatically. With the support of the Fraunhofer IEM, CogniCrypt was further developed to market maturity and can be integrated into the Eclipse development environment.
www.eclipse.org/cognicrypt/

About the Fraunhofer IEM:
From its location in Paderborn, Germany, the Fraunhofer Institute for Mechatronic Systems Design IEM offers expertise for intelligent mechatronic solutions in the context of Industry 4.0. Scientists from the fields of mechanical engineering, software engineering and electrical engineering engage in interdisciplinary collaboration here, researching innovative methods and tools for development of intelligent products, production systems and services.
www.iem.fraunhofer.de/en.html

About the "It’s OWL" technology network
In the "It's OWL – intelligent technical systems OstWestfalenLippe" technology network, over 200 companies, research institutes and organisations develop solutions for intelligent products and production methods. With the support of the State of North Rhine-Westphalia, projects with a total value of €100 million are set to be implemented between 2018 and 2022. The key focus topics are artificial intelligence, digital platforms, digital twins and work in the fourth industrial revolution, Industry 4.0. Having won awards in the German government's Top Cluster competition, the "It's OWL" network ranks as one of the largest SME initiatives for Industry 4.0.
www.its-owl.com/home/

Contact Person

Daniela Meschede
achelos GmbH
Tel.: +49 (5251) 14212-345
Mobil: +49 (172) 4211193
E-Mail: daniela.meschede@achelos.de

Website Promotion

Website Promotion
achelos GmbH

achelos GmbH

achelos is a manufacturer-independent software development and consulting firm that is based in the German city of Paderborn. Founded in 2008, the technology expert offers cross-sector solutions for security-critical fields of application with core competencies in embedded development and subscription management. The company develops and operates highly specialised products, solutions and services for the international market. achelos offers comprehensive expertise in development, Testing as a Service (TaaS) and certification.
achelos.de | IoT.achelos.com

The publisher indicated in each case (see company info by clicking on image/title or company info in the right-hand column) is solely responsible for the stories above, the event or job offer shown and for the image and audio material displayed. As a rule, the publisher is also the author of the texts and the attached image, audio and information material. The use of information published here is generally free of charge for personal information and editorial processing. Please clarify any copyright issues with the stated publisher before further use. In case of publication, please send a specimen copy to service@pressebox.de.
Important note:

Systematic data storage as well as the use of even parts of this database are only permitted with the written consent of unn | UNITED NEWS NETWORK GmbH.

unn | UNITED NEWS NETWORK GmbH 2002–2024, All rights reserved

The publisher indicated in each case (see company info by clicking on image/title or company info in the right-hand column) is solely responsible for the stories above, the event or job offer shown and for the image and audio material displayed. As a rule, the publisher is also the author of the texts and the attached image, audio and information material. The use of information published here is generally free of charge for personal information and editorial processing. Please clarify any copyright issues with the stated publisher before further use. In case of publication, please send a specimen copy to service@pressebox.de.