Technology Assessments from VBIC are highly targeted to address your most urgent needs. Highly pragmatic by design, these services focus on assessment, diagnosis, recommendations and corrective actions to yield a rapid return on investment (ROI). Whether you need to ensure a successful project launch, or quickly assess and correct a failing project, Technology Assessments from VBIC will put your software project on the right track.
- Solve quality problems: performance, scalability and extensibility.
Secure Code Assessment
- Application focus: security from the inside out.
- Increasing customer retention through improved analysis, prototyping and user-centered design.
Quality Assurance Assessment
- Transfer QA best practices: improve quality and efficiency Provide foundation for test automation.
In response to rapidly changing market conditions and business needs, your software development team has probably worked very hard to meet aggressive schedules and changing requirements. These accomplishments have enabled your business with competitive assets, but do you know the quality and stability of the architecture upon which these assets are built?
In order to meet your aggressive goals, development teams often do not have the time needed for long-term architectural planning. While your initial deployment and early-stage production use may have indicated few problems, your long-term use and growth may be very limited.
The Architecture Assessment draws upon years of success in designing and building commercial applications in MS .NET or J2EE. Our senior analysts and engineers work with your team to document your system and provide an in-depth analysis focused on key growth-support areas including stability, scalability, application security, availability and maintainability. Through the Architecture Assessment, we also provide the detailed recommendations needed to adjust for any limitations hidden within your system.
The Architecture Assessment includes a complete spectrum of evaluations tailored to the specific needs of each client. The selection of evaluations and deliverables include:
- Code Inspections - Concurrent Processing Analysis - Tiered Architecture Evaluation - Security Assessment - Compatibility/Adaptability Assessment - Fault Tolerance Evaluation - Examination for Reusability and Options for -Improvement - Performance Analysis - Database Design Evaluation - Maintainability and Interoperability Analysis - Extension to Alternate Technologies - Intellectual Property Rights Review - Classification of IP - Intangible Asset Eligibility Review - Financial Impact Analysis
Business Issues Addressed • Is your current design documentation complete? How much of your design detail is lost when one of your senior engineers resigns?
• Can your application handle the demands of your business now and in the future? How scalable is your application or e-business? How portable and extensible?
• Are you realizing any of the promised benefits of reuse? Is your system documented sufficiently to facilitate reusability?
• Can you practically migrate from a client-server model to the web or from a web browser to a hand-held device?
• If your company acquires new products or technologies, how will these integrate into your current application architectures?
• Is your intellectual property value being fully realized? Can you describe your intellectual property assets in sufficient detail to be patented?
Process and Deliverables The Architecture Assessment utilizes a proven methodology based on years of commercial software engineering and migrations to evolving platforms. The process includes:
Investigation and Documentation Using a combination of existing documentation, team interviews, code deconstruction and database examination, we document your complete system architecture.
Analysis Our senior analysts and engineers will analyze the documented architecture. The system will be reviewed with regard to stability, scalability, application security, availability and maintainability.
Alternative and Recommendations Recommendations will be made to resolve issues uncovered during analysis. This may include a combination of strategic adjustments and specific actions that will improve targeted issues within your system architecture.
Benefits Without comprehensive system documentation, what do you loose when a critical team member resigns? The Architecture Assessment protects against this loss with thorough documentation that enables other team members to quickly step in and fill the void.
The quality and completeness of design documentation often suffers when budgets and delivery dates are tight. The long-term value and extensibility of your application diminishes over time as fewer of your developers know and remember the design details and changes that occurred during the development process. An Architecture Assessment will help you capture much of the lost design information to create a thorough, current design document that supports your plans for future enhancements and migrations.
Most often, application scalability does not become an issue until practical limits are reached, in production. The Architecture Assessment provides a quantified assessment of application scalability before limits are reached. As a result of the audit, you will know the specific issues that can limit scalability and identify options for resolving each. Likewise, portability and extensibility are frequently not considered until there is a reason to move your application into a new context other than that for which it was originally created. The Architecture Assessment provides a means for identifying issues surrounding porting and extending your application, along with providing recommendations of best practices to reduce cost in these activities.
Preserving your investment in existing systems is key to cost effectively deploying an e-business, or extending your existing business. The Architecture Assessment identifies issues associated with extending your “legacy” or existing applications onto the Web, or into the wireless applications world. As with other dimensions of the analysis, the Assessment provides recommendations of best practices to minimize cost of extending your application and maximizing the value of your existing system investments.
Intellectual property can be a valuable asset to your organization. In fact, your technology may even be patent able. However, the value of intellectual property is only known if it can be assessed objectively, typically by 3rd party auditors or due diligence teams as part of M&A or other transactions. The Architecture Assessment establishes the proper baseline documentation that is a prerequisite for any such auditing process, and is likewise a prerequisite for your patent attorneys to begin a patent claim on your behalf.
And finally the VBIC Architecture Assessment can help you further define and/or refine your applications corporate, user, and quality goals.
For additional information or for a price quote, please email email@example.com.
VBIC’s Secure Code Assessment
VBIC’s Secure Code Assessment provides a solution to rapidly scan your critical applications vulnerable to attack and exploitation. The Secure Code Assessment will provide you with the information you need to understand the risk posed by your applications, address that risk, and assist with remediation efforts.
The Secure Code Assessment will focus your security investments on the areas of greatest criticality while identifying source code vulnerabilities and correcting those vulnerabilities.
VBIC’s Secure Code Assessment is the fastest solution for rapid risk reduction of source code security flaws and can be delivered either onsite or through a secure ASP.
Safer Software VBIC provides automated source code security test and measurement solutions that enable your company to immediately reduce its risk from software vulnerabilities and the costs associated with malicious breach of its applications. Reducing the high cost of software security testing, VBIC helps customers identify and remediate vulnerabilities via an automated security test and measurement service. VBIC’s Secure Code Assessment provides for the creation of a safer software application through the continuous automated assessment of software.
One division of a global money center bank can generate 100 million lines of code a year. Unintentional errors aside, security engineers are simply overwhelmed by the volume of code that needs to be checked.
All software ships with some bugs. However to generate safer code, companies must strike a balance between risk, speed, quality and cost in order to determine whether and what code to test for security problems. Since the vulnerability field and volume of code to check is large, the cost to check vulnerabilities by hand/eye is high, and the window of opportunity for software assessment short, companies simply cannot test all their code for security problems. The result is that businesses are forced to deploy applications that are vulnerable to exploitation.
Challenge of Creating Safer Software Conventional software development processes do not incorporate steps that specifically test code for security weaknesses. The National Institute of Standards and Technology estimates that nearly 90% of all software developed each year for use in the United States is never screened for potential security flaws.
Three significant barriers stand in the way of better software source code security testing.
Code Can Contain Many Types of Security Problems: Testing software is difficult. Testing software for security issues is an even tougher challenge. This is because the range of security vulnerabilities that must be checked for is broad, complex and constantly changing. Testing for security issues involves multiple processes. Defining what is a true vulnerability, keeping current with the discovery of new vulnerabilities, understanding what the trigger instance of the vulnerability looks like and how it can be invoked, to simply capturing, codifying and controlling institutional memory concerning security vulnerabilities, are daunting tasks for any organization.
Cost Effective Secure Code: Every software development organization today is tracked as a cost center with the constant goal of having more code created more cost effectively. Debugging and functional testing already chew up the majority of every software project budget. In addition, there is more code to examine. Over 450 billion lines of software are generated annually for U.S. organizations alone. Given the additional expense of checking all that code for security issues and the cost conscious nature of today’s IT organization, most companies conduct minimal, if any, security checks on code.
Speed and Time: Today, checking code for security issues is largely manual. It requires highly trained security engineers, experienced in the language the application is written in, who can generally only sample code versus analyzing the entire application. Few people have the skill set to analyze the code for security flaws and those that do find the work tedious, boring, and 1 poor use of their time. Examining source by hand is also slow and prone to error. The best security engineers claim a code scan rate of 4,000-5,000 lines a day. The Secure Code Assessment is designed to eliminate security vulnerabilities at any stage of the development lifecycle, generate clear and consistent metrics that drive code quality assurance programs and dramatically reduce the cost of checking code for security anomalies. Through its innovative use of new technology, VBIC reduces the vulnerability detection workload on the software and security engineering teams. By automating a majority of the source code security checking function and relieving the software engineering teams of performing hand/eye security reviews VBIC can enable more code to be checked more thoroughly at a lower over all cost. The end result is safer code.
Next Generation Security Analysis VBIC utilizes a set of technology components that together, rapidly scan your critical applications vulnerable to attack and exploitation. VBIC’s Secure Code Assessment uses several different algorithms for vulnerability detection, converts the output of those algorithms into common uniform language, and references that data against a proprietary vulnerability rules and instances knowledge base and then delivers security test and measurement capability through a platform that integrates seamlessly into any code development process. The output is a set of clear and consistent reports that can be used to improve code quality. By technically automating and optimizing each of the steps associated with algorithm based testing into one integrated solution VBIC can rapidly and efficiently reduce the security risk in code. The VBIC Secure Code Assessment utilizes a proprietary platform that is built on a unique architecture that utilizes multiple testing algorithms, intelligent analyzer lenses, vulnerability classification taxonomy and a rules and instance knowledge base.
VBIC’s Secure Code Assessment utilizes multi-algorithm capability that can detect risk quickly, examine large amounts of code cost effectively, and assess a wide vulnerability horizon as well as easily deploy across heterogeneous development environments.
Languages Scanned: C, C++, .NET (C#, VB, etc), Java, JSP
Development Platforms: Windows, .NET, Linux, Solaris
Runtime Platforms: Windows, Linux
VBIC can assist with remediation of any vulnerability identified in the source code.
For additional information or for a price quote, please email firstname.lastname@example.org.
Quality Assurance Assessment
Everyone appreciates the value of high-quality testing and quality assurance work. However, achieving this through the use of internal resources can be a challenge. When budget constraints are imposed, QA is typically one of the first groups impacted. The irregular pace of application development often leaves QA teams hard-pressed to ramp resources up or down in a timely and affordable manner.
VBIC provides the strategy and program to coordinate building collaborative teams that leverage VBIC’s proven methods, experience and people to ensure the successful transition and evolution necessary for building a flexible and affordable outsourced QA organization.
VBIC maintains a keen understanding and appreciation for the business drivers and objectives of transitioning from a high maintenance, high cost, or high-risk arrangement. Satisfying these business drivers will manage value and produce measurable positive results, among them:
• Improve ability to quickly staff projects through peaks and valleys • Improve the ability to manage change, risk, and costs • Cut time-to-market product introduction • Provide an integrated team to support the applications and systems • Compress application and system support interval • Eliminate communication gaps and defects • Improve margin through eliminating expensive service • Enhance Customer satisfaction
Offering VBIC’s QA outsourcing transforms expensive quality management islands into focused entities, commanding access to efficient, highly skilled and cost effective pool of resources, risk free and painless. VBIC can provide facilities, workstations, tools, tool hosting, and QA testing resources in our 30,000 square foot facility in Dusseldorf, Germany and/or in our offshore facility. VBIC is a Microsft Certified Partner ISV/Software Solutions.
VBIC Differentiators • We provide full communication between your Developers/Users, and QA, allowing you to mitigate most release issues prior to production. • We utilize proven methodologies that combine best-of-breed toolsets with extensive project experience. • Our scalability allows us to service a wide clientele ranging from Internet-exclusive firms to the largest of the Fortune 500. • We provide a strong “Project Management” test approach • We utilize established Test Case, Business Process and Script Inventories built-around your standards, applications and tools.