Creating safe networks with formal development
Security solutions can only be as good as the quality of their own development process. It is worthwhile to apply the principles, technologies and procedures of formal development from safety-critical industries to the case of secure networking, as a single malfunction of a security system does not merely annoy the user, but can create a long-awaited opening for an attacker and render all previous measures useless.
Developing for sustainability
Traceability both up and down
We believe documentation does not cost time — it saves time. Starting from the user needs, we document a full set of system, high-level, and low-level requirements and coding tasks. Requirements are managed using an application life cycle tool that allows upward and downward tracing.
From the beginning, we classify our products into assurance levels and develop our requirements and test case descriptions accordingly. All requirements, designs and code are reviewed; depending on the assurance level, we require testing to cover 100% of the code.
Not only do we make sure that our code satisfies all requirements, we also ensure that the requirements cover all code. A strict no-requirement-no-code rule is applied, assuring that all code is actually covered by a requirement — and thus by a test case.
Life cycle models
Effective processes that apply the new and preserve the proven
Development principles and life cycle models are only means to an end. It is important to ensure that all development activities work towards the goal of building a reliable, sustainable, secure system. The resulting life cycle combines as much agile flexibility as appropriate, with as much waterfall thoroughness as needed. We call it: riding the waves.
Waterfall development is often criticised as outdated and as having been proven wrong, because corrections made late in the development cycle are expensive. Its actual aim, however, is to avoid that high cost of correction by properly thinking through all system application cases before proceeding.
As today’s method of choice, agile principles have their advantage in high-risk development, where little experience with the system at hand is available and early-stage requirements engineering and design are difficult. However, they carry a large risk of insufficient documentation and of considerable refactoring of work in later cycles.
Circle Networks' wave model therefore applies waterfall principles to its products as a whole, in order to maximise requirement and design coverage early on, especially because subsequent changes and extensions often lead to architectural deficiencies that are the cause of system vulnerabilities. To obtain a working prototype and quickly gain knowledge of system behaviour, we apply agile principles to incrementally code the more complex components within the waterfall model: the waves.
Circle Networks employs people who share our passion for pragmatic quality engineering.