• Français
  • English

TECHNICAL DUE DILIGENCE

As a CISO, prior or during purchase or integration of a new application/software/IT product in your company, you would like to check:

  • the security properties level (respect of the editor’s promise)
  • the absence of vulnerability introduced
  • the absence of malicious function(s)

As an Investment Fund (VC) or an Entrepreneur, you would like to assess the security level of an application/product or a service during a Merger/Acquisition project of a software or product provider.

Main challenges

Performing these in-depth and necessary assessment can be made very difficult for stakeholders, due to lack of tools, skills or services drawbacks:

  • the lack of in-house expertise for advanced software, in particular for network products or anti-virus software
  • the budget at your disposal is often too low to address the complexity of the software to be analyzed
  • CSPN certifications of security products offer a useful framework but are sometimes unsuitable for certain needs or types of products or when you would like to avoid imposing a formalism / when you are running out of time.

Our solutions

Get support from a multidisciplinary team of experts (ANSSI ITSEF certified) covering:

  • the various operating systems and platforms on the market
  • desktop or mobile environments
  • a wide range of products or applications, including cryptographic libraries

When your constraints are strong (time/resources), we will conduct CSPN-type evaluations, relieving you of heavy procedures and of inherent certification formalism.

To access the main works realized by our teams: visit our blog