|
.Welcome to n.runs AG
The n.runs AG, founded in 2001, has established itself on the market as a developer-independent and neutral
consulting company for the sectors of IT security, IT infrastructure and
IT-Business Consulting . The services provided by this vendor pursue a comprehensive approach and
encompass auditing/assessment, design, support
in the application of the latest technologies, along with process consulting and knowledge transfer. In
September 2008, n.runs AG became the only central European company to join the “Microsoft Security Development
Lifecycle Pro Network”, followed by the implementation of the sector “Security Development Lifecycle”
with trainings and consulting focussing on the subject Security in Software Development .
Consulting
We pursue an integrated approach to our services and cover Audit/Assessment, Design, support with the utilization of the newest technologies, business processes and knowledge transfer to the customer.
n.runs delivers solutions based on our clients´ requirements as specified by the client. This not only fulfills the expectations of the clients, but in most cases far
exceeds what was anticipated. With this in mind, we have formed individual consulting teams, who are trained and specialized in the conception of solutions in the areas of our technical consulting
services. A large investment of time and money has been placed into these teams to develop solutions which can then completely be adapted to fit specific client requirements.
With this methodology we have developed an extensive wealth of experience and knowledge, which can be brought to bear on each of our client
engagements.
Contrary to other consulting firms n.runs, promotes the development and maintenance of these methodologies and practices internally, and does not charge the customer for this.
Thus it is guaranteed that the customer pays only for the work, which has been adapted particularly for them.
The result is a more efficient implementation of solutions, an increased ability to effectively answer client questions, and consequently decreasing client costs
with the development of individual products.
Security Development Lifecycle (SDL)
Starting with the Trustworthy Computing (TwC) directive of January 2002, many software development groups at Microsoft instigated
“security pushes” to find ways to improve the security of existing code. However, the reliable delivery of more secure software requires a
comprehensive process. To that end Microsoft defined four guiding principles to guide the creation and support of more secure software: Secure by
Design; Secure by Default; Secure in Deployment; and Communications (SD3+C). The SDL brings these principles to life, by integrating them into every
step of the software development lifecycle.
Security Development Lifecyle is a holistic and comprehensive approach that leverages education, process, technology and executive commitment in
order to consistently create more secure software. The SDL should complement (rather than disrupt) the development lifecycle. Secure software
development requires executive commitment, ongoing process improvement, education and training, tools that help to detect security vulnerabilities,
and incentives as well as consequences to make sure everyone adheres to the process. n.runs SDL trainings and consulting are intended to implement
and accomplish the aforementioned goals, independent and with the background and know how of the Microsoft SDL Pro Network.
|
