Just as other information systems, embedded / industrial systems (SCADA) demand software vulnerability management.

This is due to 2 major trends:

  • embedded systems are more and more connected and complex: the use of interconnexion standard protocoles libraries is spreading with a consequential increase of potential entry points for malicious acts;
  • the growing use of COTS into embedded or SCADA components: COTS vulnerabilities are transferred to embedded components.

Vulnerability management of embedded / industrial (SCADA) systems is now a priority.

SCASSI can support its clients in two different ways:

  • ad-hoc interventions to assess the maturity of a system and bring it to the state-of-the art standards;
  • a continuous monitoring with a reactivity adapted to the criticality of the system.

SCASSI’s offer includes the following services:

  • support project owners to identify critical software components;
  • technology watch and alerts in case of vulnerability detection (vulnerability analysis, assessment of its ability to do harm and its potential impact on the system);
  • correctives recommendations (patch, protectives measures…)

To deliver that, we use various tools and information sources: CERT-FR, National Vulnerability Database CVE (Common Vulnerability Enumeration), security bulletins issued by manufacturers or editors.