Not having a secure software foundation can result in severe financial and reputational losses. By making it easy to conceptualize complex software architectures and analyzing them for potential threats and vulnerabilities, OVVL aids in mitigating these risks. OVVL can be applied during any stage of the development lifecycle, and easily integrated into existing projects.
OVVL's features are designed do accompany the development lifecycle - starting at the design phase and ending with keeping an existing product up to current security standards.
We think that the simplest approaches are often the best, which is why design and build OVVL's features following a very straightforward principle - the 3-A-Model
OVVL aggregates analysis data, such as CPEs and CVEs, from outside sources and stores it in our backend systems.
When a data-flow diagram is analyzed, all available data is applied to each model, resulting in a very extensive result.
Found security issues can be allocated a priority and applicable state, generating new data usable for future analysis.
OVVL is build at the University of Applied Sciences Offenburg by Prof. Andreas Schaad and Tobias Reski. It is part of the BMBF KMU-Innovation Project "CloudProtect" (Förderkennzeichen 16KIS0850).
Software Security Specialist
Project lead coordinating the project and providing the background knowledge about IT Security, Software Security and Cloud Security.
Architect responsible for the development and documentation of the tool.
We'd love to hear your feedback!