Articles
Vision
Based on the current state of affairs and observed trends in regulations, technologies and geopolitics, the CEST Consortium agreed on the vision of building a Confidential Software Security Assurance environment meeting the following challenges: Intellectual property – Regulators should consider the software suppliers’ and vendors’ intellectual property (IP) concerns and formulate their regulations with a view to protecting this valuable IP asset. Confidentiality – Regulation-mandated increases in software exposure increase vulnerability risks, since proprietary software may contain unknown vulnerabilities that powerful adversaries may discover and exploit as zero-day attacks.
Confidential Computing can ease the trust burden in Software Assurance
The increased complexity of software systems has made their security and reliability both more necessary and more challenging to achieve. In response, researchers and developers are constantly advancing software assurance techniques and tools that increase assurance productivity. For example, one advancement in software assurance is the use of fuzz testing, which involves automatically generating random inputs to a program in order to find unexpected behavior. Fuzz testing has been shown to be effective at identifying security vulnerabilities that might have been missed by traditional manual testing methods.
The Assurance Tools Used by CEST
Introduction: In a previous article, we discussed the criteria for selecting the right assurance tools for your project. In this follow-up article, we’ll show the specific tools that were chosen in the CEST Assurance Study to address software assurance in the telco and automotive industries. (Some of the tools were changed after the “hands-on examination.”) By learning about these tools, you can gain insights into the features and capabilities you should look for when choosing assurance tools for your own projects.
Introducing a New Trust Model for Software Assurance: The CEST Platform
Introduction: Trust is a crucial factor in software assurance, particularly when multiple parties are involved. In this article, we propose a new trust model for software assurance that aims to minimize the required trust between different actors by introducing an intermediary that everyone trusts: the CEST platform. We’ll discuss the rationale behind this trust model, how trusted computing plays a role, and the advantages of a location-agnostic approach. The Trust Model: CEST Platform The CEST platform is a confidential computing solution based on state-of-the-art hardware and open-source software.
Criteria for Selecting the Right Assurance Tools for Your Project
Introduction: When it comes to software assurance, choosing the right tools can make all the difference. In this article, we’ll share the key criteria to consider when selecting assurance tools, based on the “CEST Assurance Study.” By understanding these criteria, you can make a more informed decision and ensure that your assurance tools will be effective in addressing your project’s specific needs. Criteria Focus on Specific Test Cases: The CEST Assurance Study outlined a list of recommended test cases for software assurance in the telco and automotive industries.