Our philosophy

Bringing the safety of aviation to networking

Security solutions can only be as good as the quality of their own development process. It is worthwhile to apply the principles, technologies and procedures of formal development from safety-critical industries to the case of secure networking, as a single malfunction of a security system does not merely annoy the user, but can create a longawaited opening for an attacker and render all previous measures useless.

Principles

Developing for sustainability

Traceability both up and down

We believe documentation does not cost time — it saves time. Starting from the user needs, we document a full set of system, high-level, and low-level requirements and coding tasks. Requirements are managed using an application life cycle tool that allows upward and downward tracing. Requirements comprise both functional and non-functional ones, with the latter covering product safety, legal aspects, usability, performance, producibility and cost.

Security requirements

We develop with common criteria certification in mind. From the beginning, we classify our products into evaluation assurance levels (EALs) and develop our requirements and test case descriptions accordingly. All requirements, designs and code are reviewed; depending on the assurance level, we require testing to cover 100% of the code.

Test coverage

Not only do we make sure that our code satisfies all requirements, we also ensure that the requirements cover all code. A strict no-requirement-no-code rule is applied, assuring that all code is actually covered by a requirement — and thus by a test case.

Life cycle models

Effective processes that apply the new and preserve the proven

Development principles and life cycle models are only means to an end. It is important to ensure that all development activities work towards the goal of building a reliable, sustainable, secure system. The resulting life cycle combines as much agile flexibility as appropriate, with as much waterfall thoroughness as needed. We call it: riding the waves.

Waterfall

Often being criticised for being outdated and having been proven wrong due to expensive corrections being made late in the development cycle, waterfall development actually aims to avoid high cost of correction by properly thinking through all system application cases before proceeding.

Agile

Being today’s method of choice, agile principles have their advantage in high-risk development where little experience with the system at hand is available and early-stage requirements engineering and design are difficult. However, agile principles carry a large risk of resulting in insufficient documentation and considerable refactoring of work in later cycles.

Waves

Circle Networks' wave model therefore applies waterfall principles for its products as a whole, in order to maximise requirement and design coverage early on — especially because subsequent changes and extensions often lead to architectural deficiencies that are the cause of system vulnerabilities. To obtain a working prototype and quickly win system behaviour knowledge, we apply agile principles for incrementally coding more complex components within the waterfall model: the waves.

Circle Networks is a technology company that is driven by engineering principles. Because we are convinced that this is what it takes to build sustainably secure systems.