Let’s just say that our sweet spot is leveraging from the analysis of source code for any given system and creating insights not only for the software engineers behind it but also for the higher and C-level management of an organization.
The proprietary and accredited (according to the ISO 17025 standard) SIGRID platform of our partner SIG, enables the analysis of the source code and the architecture of any given software system based on the ISO 25010 international standard for software product quality.
At code4thought we notice that organizations and governments invest a remarkably high amount of money in cyber security in order to protect their sensitive information and systems from unauthorized activities but not always with the expected success.
What we also experience is that even though the software development process has moved towards an “Agile” and faster feedback way of working, security most of the time still follows the traditional “Waterfall” step-after-step style. Mass effort and budget are spent to ensure software security on the last steps of the SDLC (Software Development Life Cycle) process, mainly via penetration tests. However, by integrating it in the prior steps including designing and development, we strongly believe effort and budget will be reduced, by at least 50%, and vulnerabilities will be significantly decreased.
During an IT Due Diligence, we do what we know best, that is to dive deep into the source code underlying digital assets to identify and quantify hidden investment risks and opportunities.
A typical IT due diligence barely scratches the surface, including little more than interviews with the target company’s IT leaders, review of documentation, and a demo of the software. The result? Investors buy a “black box” of software, and only later find out that it can’t support their strategic goals.
Knowing at any time and in detail the current state of an organisation’s IT landscape and the role of its systems inside the business functions has been proven in action quite a challenge for IT teams, as it is a product of time & multiple “contributors”.
This lack of visibility results in reduced operational effectiveness, increased costs & hidden risks. It also acts as a significant barrier for digital transformation initiatives, since a not fully visible “as-is” situation makes it even harder to define the “to-be” situation of an IT landscape for the future.
Moreover, both business and IT have their own agendas and initiatives, most of the time not being aligned. The gaps in communication and co-ordination between business and IT further increase difficulty for internal attempts to record the IT landscape.
This is where our Enterprise Architecture Mapping solution comes in.