
Auditing and Modernizing
Achieving Cyber Security Compliance for Cruise Ship Operations
Client
Confidential
Industry
Tourism & Cruise Operations
Services
Cyber Security
Ensuring Compliance and Security in Cruise Software
Our client, a mid-sized global software provider, specializes in solutions for cruise ship operations. Their platform supports essential onboard functions, including passenger management, safety processes, sales, crew workflows, restaurant bookings, and real-time promotions. Because their customers include publicly traded US companies, stringent security and compliance with US regulatory expectations became mandatory. To meet these demands, the client sought to align its development practices with the Secure Software Development Framework (SSDF, NIST SP 800-218) issued by the National Institute of Standards and Technology (NIST). The SSDF is a set of practices designed to help organizations ensure that their software development processes are secure from design to deployment. NIST itself does not certify producers against the SSDF; conformance is demonstrated to customers through evidence and attestation, so a key requirement was a deep review of code, processes, and tools to support that attestation.

Auditing Two Million Lines of Code and Modernizing Security Practices
To address these challenges, we conducted a comprehensive security audit of the client's software ecosystem. The engagement began with full access to their repositories, development workflows, and deployment pipelines. We used static analysis tools from our partner Black Duck Software to analyze approximately two million lines of code. The scan surfaced over one thousand potential vulnerabilities, many of them in test frameworks or unused components rather than in shipped code. Our security team then manually reviewed each finding to separate high-risk vulnerabilities from false positives and low-impact noise. In parallel, we interviewed the client's CTO, development leads, and product owners to understand how code moved through the system, how updates were deployed, and where security checks sat in the delivery flow. This let us map the client's existing processes to the SSDF practices. Combining the scan results with the interview findings, our team produced a refined list of over 100 vulnerabilities and process gaps that had to be addressed before SSDF conformance could be claimed. After the client completed a dedicated security sprint, we re-audited the platform to verify that the critical vulnerabilities had been resolved.
A Secure Foundation Ready for Certification and Future Growth
The final audit confirmed alignment with NIST's SSDF practices, giving the platform the evidence it needs to meet the security requirements of its US and global enterprise customers. Our work provided the client with a transparent view of their software and a structured, repeatable process for triaging and remediating vulnerabilities, enabling them to meet enterprise demands with confidence and to turn their commitment to security into a point of value. This secure foundation allows the client to pursue future feature development and upcoming security assessments knowing they can demonstrate the rigorous practices their enterprise customers require.
