Privacy and security have become highly relevant to everyday life and to every citizen. Scandals and leaks (e.g. Snowden) demonstrated the importance of protecting our own communications. PrivateWave was born in 2006 to secure communications, targeting large enterprises and government agencies.
We developed a multi-platform secure VoIP solution, available on Android, BlackBerry 7 and 10, and iOS, to protect phone calls and messages.
As time goes by, software development seems simpler and easier, but professional development in enterprise contexts is another matter. Production-quality code, Q&A and product management are difficult. Putting everything under the “secure” hat makes all of them even more complex and expensive. We would like to present some important lessons and experience gained over these years in the following areas of secure software development:
* TLS, ciphers and certificate pinning
* Secure logging
* Randomness and entropy
* Mobile networks
* App designed and developed on BB5, then ported to Android
* Cross-platform development
* Vulnerability Assessment
* Static Analysis
* 3rd-party libraries, frameworks?
* Mobile platforms in the enterprise
* Secure storage and keystore