Security & Privacy

For many years, security has been an essential factor for the acceptance and success of systems and therefore requires special attention in the broad environment of modern IT technologies. Today, many everyday tasks are carried out via IT systems, mobile applications and the Internet and sometimes process highly sensitive data. A lack of security is therefore a risk factor that should not be underestimated, as regular reports of attacks and data breaches show.

At RISE, security plays a central role in the implementation of solutions. RISE offers a comprehensive end-to-end spectrum in this area and relevant experts are involved right from the start of projects. Security is explicitly taken into account as early as the concept development stage, the architecture is carefully planned and potential risks and countermeasures are identified and developed. An essential attitude of RISE is to see security as a process. This means that the foundations for a comprehensive consideration of this topic and the secure implementation of projects can be established at a very early stage.

RISE offers a comprehensive security portfolio throughout the entire implementation process, right through to ongoing operations. Standardised processes and tools are used, which have been optimised through numerous implementation projects for highly secure TI solutions. These include components/libraries, solutions for security during operation, tools for testing security aspects as part of test automation and penetration tests. RISE solutions are implemented in tested environments to high standards. Many of these are independently assessed and audited by external auditors. RISE's extensive expertise will also give your projects the security edge they need.

The applied test process and the methodology of the RISE security experts were examined with regard to their application to systems and applications as part of critical infrastructure. As an accredited "Qualified Body", the security experts at RISE are able to use their experience in dealing with various security-critical systems - from common web/mobile applications to high-security projects, smart cards, hosts and cloud infrastructures - to support you at any time in strengthening the security of critical infrastructure!

• Linux kernel development
• Apache Software Foundation
• Committer in various open source projects
• RISE conducts ongoing analyses (black and white box) of OSS for vulnerabilities and reports these to the OSS projects

RISE employees are part of the scientific (security) community and take part in globally relevant research projects. One example of this is an internationally recognised security vulnerability in the TLS protocol discovered by RISE employees: In 2015, RISE discovered (and closed) an internationally sensational vulnerability in the TLS protocol (global protocol on the Internet) that allows attackers to carry out a so-called man-in-the-middle attack and thus read private data on secure websites (e.g. Facebook, eBanking) and change it at will. Facebook honoured the discovery with the BugBounty Award. RISE publications and procedures on KCI attacks against TLS are Available at https://kcitls.org.

As part of the community of IT security capture-the-flag (CTF) contests, RISE employees regularly take part in worldwide security contests via the "Defragmented Brains" team or organise corresponding contests for customers themselves as training in the security environment. In this area, ongoing training is a key success factor in order to be able to react quickly in an emergency and to be able to cover a broad and extensive spectrum of security vulnerabilities.