Trustonic and Riscure have published a white paper that details the modern testing and certification environment. The guide covers mobile applications and IoT devices, and is geared towards developers who are looking to bring trustworthy products to market.
To that end, the white paper places a strong emphasis on the secure development lifecycle (SDL). In plain terms, that means that security needs to be a top priority throughout the development process. Products should be tested at every stage of development, and not just at the end of the cycle when the product is moving towards a commercial launch.
With that in mind, Trustonic advises companies to view security as an important feature rather than an expense. Certification is a requirement in many fields, and poor security or a data breach can doom an otherwise promising debut, especially if it destroys consumer faith in the safety and reliability of the brand.
The white paper goes on to list some of the testing bodies and regulatory agencies that a company may encounter. It also explains the difference between testing and certification. The former can be carried out in-house (though an external evaluation can help uncover any hidden security gaps), while the latter requires an external review from an accredited institution.
Trustonic is hoping that the white paper will be useful to other companies that are struggling to navigate the intimidating regulatory process. Trustonic is certainly well-positioned to offer advice on that particular subject after completing its own certification journey earlier this year. The company’s Trusted Execution Environment solution received EMVCo certification in February, following testing that was carried out at Riscure’s independent facility.
Trustonic has since joined the Car Connectivity Consortium to promote technologies that can establish secure connections between smartphones and smart vehicles. It has also provided TAP security for the KB Star Banking App in South Korea.