About Security Innovation

Software Runs the Connected World – We Secure It


Today’s software doesn’t exist in isolation; it operates in a complex and hostile ecosystem that makes it vulnerable to attack from multiple points – and that we understand well. For over a decade, organizations have relied on our assessment and training solutions to make the use of software systems safer in the most challenging environments – whether in web applications, IoT devices, or the cloud.

Our solutions are based on the three pillars of a secure SDLC, which feed into one another to create an ecosystem of repeatable, secure software development: Standards, Education, and Assessment.

STANDARDS & POLICIES
Set goals and make it easy

Secure development standards bridge the gap between InfoSec policies and development best practices. Findings from ongoing research and SDLC assessments provide a feedback mechanism from which we build security principles, coding best practices, architecture standards, and testing procedures.

EDUCATION 
Enable me to make the right decisions

Our computer-based and instructor-led training gives your teams the right skills to successfully implement secure coding standards and adhere to policy requirements.  Source content is derived from our ongoing assessments of the world’s more prolific software. 

ASSESSMENT (Application & SDLC)
Show me the gaps

Our expert analysis provides a feedback mechanism to improve standards and identify knowledge gaps. This takes the form of static analysis, dynamic analysis, penetration testing, code reviews and SDLC audits.

Unique Perspective on Software Security Because our solutions span assessment, remediation and training, we understand the systemic causes that lead to vulnerable software. We also develop software products ourselves; thus, we understand the challenges of building security in, trade-offs between functionality and security, and how to take a risk-based approach to vulnerability management.


Credentials:

  • Published the industry’s first security testing methodology, How to Break Software Security, which has been continuously refined and adopted by Microsoft, Adobe, Symantec and others
  • Gartner Cool vendor and multiple Gartner Magic Quadrant leader designations
  • Staff hold 100+ accreditations including Apple and Barracuda Network Hall of Famers, Privacy by Design Ambassadors, Microsoft MVPs for Security, and Ponemon Institute fellows
  • Authors of 18 books, including 10 co-authored with Microsoft
  • Co-inventors of the widely adopted STRIDE and DREAD software threat management techniques
  • Security partner to the Microsoft Azure and Amazon AWS teams, helping secure their platforms
  • Provided expert testimony for Congressional hearings and state court cases

Security Innovation’s roots are in software quality and security.  In 2002, we were launched as a consultancy focused on software security analysis for US Department of Defense and software vendors including Microsoft, Adobe, and Symantec. From this evolved training and SDLC assessments to address root causes of vulnerabilities, enabling growth into the financial services, retail, hospitality, and manufacturing industries. With the acquisition of NTRU Cryptosystems in 2009, the company added embedded and IoT security expertise and further expanded into testing “smart” devices for home, energy, and building control.

The company is headquartered in Wilmington, MA with offices in Seattle, WA and Pune, India.


Key Milestones:

  • 2002 - spun off from Florida Tech, the only university at the time offering a software security degree
  • 2008 - sold government division to Raytheon
  • 2009 - acquired NTRU Cryptosystems, an embedded & IoT security company
  • 2014 - acquired Safelight Security, a security awareness training company
  • 2017 - spun off OnBoard Security, a company focused on automotive security