UL and Codenomicon have collaborated to develop and perform security testing on network connected devices. Initial testing will be on industrial automation equipment and services and medical devices, with planned expansion into security testing in other industries. Codenomicon and UL will work together to provide Fuzz and Binary Analysis testing services. Fuzz Testing is a mechanism in which the communication protocols of the device under test are subjected to random exception messages to discover coding and security errors. The Binary Analysis identifies known vulnerabilities found in compiled software that could possibly be deployed in a production environment.
These services will support UL's customers' needs in addressing security concerns in the evolving industrial automation and medical equipment industries.
UL believes that developing security testing and certification programs for industrial and medical systems that utilize either proprietary or third-party components would add value to all stakeholders, increase safety and begin to form a baseline security-test by which a device's level of security can be measured and rated. UL and Codenomicon will create a program that manufacturers and system operators can submit their products and systems for evaluation. Upon test and evaluation, the results would be communicated to the manufacturers and system operators and UL and Codenomicon may make policy recommendations to track and remediate any known and unknown vulnerabilities in the tested device.
"Codenomicon's goals and principals are well-aligned with those of UL. We are committed to working with any organization that can help identify known vulnerable and unknown vulnerable software components in the critical systems we all rely on today, to fulfill the role of a trusted resource for those who are concerned with cybersecurity of devices." said Mike Ahmadi, global director of Critical Systems Security, Codenomicon.
"Our collaboration with Codenomicon is founded on our mutual commitment to discover and solve the safety and security concerns of cyber-capable devices before they become integrated into new systems," said Lisa Salley, vice president and general manager of UL Energy & Power Technologies. "We are confident this joint effort will fulfill that shared mission."
Codenomicon's tools are currently used by the U.S. Food and Drug Administration (FDA) to increase their understanding of vulnerabilities affecting medical systems and devices, as part of their ongoing development of their cybersecurity analysis lab. UL will leverage the tools to conduct similar testing and analysis for industrial and medical devices.
"Testing and Certification Security Solutions tools like these will allow us to become an even closer partner with both the manufacturers of healthcare products as well as product regulators. We are looking forward to new opportunities to promote innovation in the market by helping these manufacturers demonstrate the steps they've taken in doing their part to improve security in the overall healthcare ecosystem. UL's mission is founded on protecting patient safety and opportunities like this allow new ways to administering health care and bring confidence to the patients, manufactures and regulators" echoes Anil N. Patel, Director of Global Markets and Regulatory strategy.
"Codenomicon is very pleased to be in collaboration with UL. Our tools, combined with the vast testing experience UL brings to the table, will combine to create a testing environment where security can be evaluated and measured by an internationally trusted source," said David Chartier, CEO of Codenomicon.
UL is a premier global independent safety science company that has championed progress for more than 120 years. Its nearly 11,000 professionals are guided by the UL mission to promote safe working and living environments for all people. UL uses research and standards to continually advance and meet ever-evolving safety needs. We partner with businesses, manufacturers, trade associations and international regulatory authorities to bring solutions to a more complex global supply chain. For more information about our certification, testing, inspection, advisory and education services, visit www.UL.com.
Codenomicon is a global leader providing cyber security solutions to organizations that develop, deploy and defend critical software, services, and infrastructure. By enabling organizations to detect, remediate and mitigate vulnerabilities and cyber threats, Codenomicon empowers customers and partners to build a more resilient world. Codenomicon's suite of next-generation security solutions include automated testing tools for proactive vulnerability management and an advanced threat intelligence platform used to detect and prioritize malicious cyber-attacks in real time. Founded in 2001, Codenomicon was spun out of the successful PROTOS test tools research of the Oulu University Secure Programming Group. Since then, Codenomicon's solutions have been used to detect and address widespread, critical vulnerabilities such as Heartlbeed. Codenomicon works with hundreds of customers across a wide range of industries, including telecommunications, finance, healthcare, industrial control systems, automotive, and Government. Codenomicon is headquartered in Finland, with offices in the Silicon Valley, Singapore, Germany, Hong Kong, China, and India. (www.codenomicon.com)