To get started with our Software Security Engineer as a Service we have a three step process which is detailed below. We perform a free gap analysis, after which we analyze your current code base. Now our software security engineer has become part of your team.
Not sure if this fits your exact security needs? You can always try our service on part of your product. The pricing is only based on the software engineers that work on the code we review.
We schedule a call which lasts about an hour. In this call we will discuss the technical architecture of your product and discuss what level of security is relevant for you and your assets.
After the call we receive the relevant parts of your codebase to better gauge the current security level and gives you more details on what we can do for you.
You receive a brief report that describes were you currently are regarding security and were you want to go. It details on what the focus areas are and what work our security engineers will perform. Finally, it gives an indication on the work required for step 2.
We will create an automated connection between your source code repositories and our Integrated Review Environment. This enables us to efficiently analyze your current code base according the agreement made during the gap analysis.
Through our Integrated Review Environment we will create findings directly in your issue tracker for anything we find. During this analysis we can have discussions if there are any significant architectural security problems. This makes sure that the security level you aim for is reached.
Such a code review is normally done as a one of manual process and can easily reach up into € 10.000 range. However, we see more value in the continues process and as such perform this service for significantly reduced price as we see it as a starting point.
In step two we made sure the current code base is in good order from a security perspective. This enables our Software Security Engineers to analyze the code differences efficiently and effective.
From this point onwards we are fully integrated in your team and workflow. We communicate through the issue tracker on any new security issues as soon as they appear. In each finding we also include one or multiple mitigation strategies. This enables you to resolve security issues swiftly and efficiently.