
Mid-sized company providing cutting-edge software integrated into vessels from the largest cruise lines in the world. Their software elevates guest experiences by enhancing the ability of operators to serve thousands of guests every day.
The Challenge
After acquiring a client on the New York Stock Exchange, our partner was required to comply with the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF). The NIST CSF focuses on six critical functions: Identify, Protect, Detect, Respond, Recover, and Govern. By complying with these functions, companies from any number of industries, including critical infrastructure, healthcare, and e-commerce, can ensure cyber resilience across their systems.
The Solution
Upon receiving the code from our partner, we initiated a series of team meetings to facilitate collaboration and understanding of client needs. Although our partner's code was already considered high quality, complete with policies and procedures outlining external licenses, our vulnerability scans discovered additional issues. Using Coverity, we assessed code quality and eliminated dead code, so that more resilient software can be built in the future.
We implemented software from Black Duck (formerly known as SYNOPSYS) to thoroughly scan over 2 million lines of code for snippets containing licensed code and to identify dependencies, which is crucial for assessing repository health.
Every finding was meticulously analyzed by our cybersecurity team to identify any false positives. We then collaborated with our partner's teams to reach final decisions regarding each issue. A comprehensive list of vulnerabilities, classified by danger level, was then provided. Following this, our partner's team made necessary code changes and submitted proof of their updated code. We conducted additional tests on the revised code to ensure the elimination of vulnerabilities. Once we confirmed the quality of the new software, it was deemed ready for implementation.
The Results
As a result of our diligent collaboration and comprehensive analysis, our partner’s software reached new heights of security and robustness. Throughout our assessment, we meticulously combed through over 2 million lines of code, identifying and addressing 150 vulnerabilities. Our efforts reduced significant risks, and we determined that 10 risks were to be treated as critical. By conducting interviews with our client’s teams and thoroughly evaluating the software, we provided our partner with a detailed implementation plan to comply with industry standards set by NIST. This proactive approach ensured that our partner was certified both on budget and on time, equipping them with a secure, scalable solution ready for immediate deployment.