Click + sign on the right to open specific case study!

Feel free to contact us for help.

Check our Products, Services and Resources. Also, check our Calculator.

Partner with the Glog team on a mission to make software more secure. Boost your software immunity, remove vulnerable spots.

Specific cases

Glog logo

Making software more secure

EuroICC

ToCCata Guest Room Management System

Case Study: EuroICC

EUROICC is hardware and software manufacturer, R&D outsourcing partner and system integrator in automation. Smart Hotel Control products enable our business partners to work more efficiently, safely and cost effectively. Its ToCCata guest room management system incorporates room monitoring and hotel management.

Business Challenge

Guest Room Management System based on C series of micro-controllers is a flexible solution applicable for different size hotels – from small inns to luxurious hotels.

Main functionalities are access control, power saving, staff monitoring and more effective processing of different alarms, requiring EuroICC to consistently meet the highest levels of data security and safety.

The main challenge is to reduce risk and secure EuroICC’s software products throughout the Software Development Lifecycle (SDLC) without slowing down delivery schedules. It is also required from EuroICC to meet business needs to deliver new, updated, or customized products to market as quickly as possible. EuroICC’s goal was to make software secure at the source code level and incorporate security focused culture into SDLC from the ground as a single security breach could seriously harm the company and its customers.

EuroICC team lead said: “Our software operates on the hotel network and also communicates with different internal and external software and services such as BMS, PMS, CMS and ACS. Software works in an environment which can be threatened and attacked from different points and, as part of the hotel network, it must fulfill the highest security standards in order to be a reliable part of the whole system.

Thus, we came up with the idea of using Glog which should help us find real security threats potentially missed in development and remediate them efficiently. Same time, an important outcome is increasing the ability of our engineers to improve software architecture in terms of security.

Results

Glog team provided services to secure software on source code level, saved scanning time and improved scan coverage of source code providing only relevant scan results to EuroICC developers. Trustworthy scan results without false positive findings and in-context remediation advice, helped developers in their effort to increase software’s security. Glog provided the possibility to detect potential security vulnerabilities, remediate within required timeframes and deliver more secure software products. It saves days of developers’ work usually needed to scan, triage and fix findings in their source code.

Glog solution helped EuroICC to be proactive in discovering and fixing security issues. Additionally, EuroICC was able to implement security by design approach to make software more secure.

EuroICC team lead continued: “Firstly, we got clear analysis about security weaknesses of our software product. With detailed explanation of the nature of the issues and clear remediation advice by Glog, our developers are able to fix the code with vulnerabilities and make it more secure. Overall, we saved a tremendous amount of time and energy on finding and analyzing the threats, triaging it including prioritization, and then remediation and fixing the security vulnerabilities. Finally, the experience working with the Glog team is valuable for our future development and maintenance of our software.

About Glog

Glog project is focused on research and development of a solution which gives remediation advice for security vulnerabilities in software code based on context. Moreover, it is capable of automatically fixing those vulnerabilities. We are developing such a solution based on machine learning and AI. Agility in software security is becoming a reality! More info at www.glog.ai.

Leading provider of SAST tools on the market asked us to analyze their scan results and security vulnerabilities findings in two popular projects. Here are results (names and results redacted due to confidentiality and sensitivity).

Here are results of Glog solution work on it:

False Positives Case Study

Applications AH and OAM scanned by leading SAST tool on the marked and 12,494 security findings reported in total by that tool.

Based on experience, the average time to analyze and resolve totaled 2 hours per finding (Note: it can vary from a couple of minutes to even weeks per security finding).

Estimated total time to resolve these findings using standard methods:

~ 24,988 hours i.e. ~ 164 man-months (effective 152 hours per month), ~ 13.7 man-years

Glog did it in less then 4 man-days for these big projects, together with remediation advice!

Glog confirmed a total of 49 true positive (TP) findings and offered very precise remediation advice.

Work in progress with a couple of popular tools including messengers and similar.

General use cases

You are a software development company and you haven’t implemented software/application security practice and process as part of your SDLC – Software Development Lifecycle.

Your product is deployed in a production environment. Hackers quickly spot vulnerable product, exploit vulnerabilities. Data are stolen, altered or damaged by unauthorized parties – malicious actors.

You face liability toward customers and regulators. Your reputation is ruined or damaged.

What to do?

You need to implement software security practice and process as soon as possible. We can help. Feel free to contact us.

Glog solution helps you to reduce or eliminate security debt. Otherwise, it will grow and can reach a level which you might not be able to resolve in future.

Security debt

Let’s say you are the founder of a startup. With your co-founders and development team you rush to create your MVP – Minimum Viable Product and to put it live. Hackers spot that your MVP is live. For them it is also MVP but they see it as the Most Vulnerable Product! Regulators see it as an MLP – Massive Liability Product.What to do? You need to implement software security practice and process as soon as possible. It should be part of the process from the beginning!Contact us to help you.
You are a company or individual using software from a vendor and want to make sure software is as secure as possible as well as to be compliant with relevant security and privacy standards and regulations.

Ask your software provider or vendor if they have security as part of their SDLC – Software Development Lifecycle. Have they performed necessary security testing and remediated vulnerabilities? What to do if they haven’t done it? Direct them to us to help them to secure their software and software supply chain.
Contact us to help you.
You are a regulatory body and want to make sure software is as secure according to standards and regulations.

Ask your software provider or vendor if he has security as part of their SDLC – Software Development Lifecycle. Have they performed necessary security testing and remediated vulnerabilities? Can they prove it? What to do if they haven’t done it? Direct them to us to help them to secure their software and software supply chain.
Contact us to help you.
You have to be compliant with various security and privacy standards and regulations (e.g. ISO/IEC 27001, ISO/IEC 27034, ISO/IEC 5055, ISO/IEC 27701, NIST SSDF, PA DSS / PCI DSS, WLA SCS, HIPPA, GDPR etc.)

With proper software and security processes and practices in place, as part of your SDLC – Software Development Lifecycle, you are much better positioned to be compliant. Contact us to help you.