The National Information Systems Security Agency (Anssi) and the Atomic Energy Commission (CEA) announced on June 29 that they had signed a three-year framework agreement. “As the cyber threat intensifies in the context of heightened international tensions, this agreement concretizes the desire of the two organizations to work closely together to anticipate and develop tomorrow’s software analysis that will be more innovative and effective,” said Guillaume Poupart, Director. General Annecy, who is about to leave.
Become a Certification Leader
The main goal of this cooperation is the development and implementation of “new tools and approaches” to check the absence of vulnerabilities in “digital systems” at the design and integration stage. The theoretical approach will be controlled by the French school of mathematical foundation of formal methods. This partnership should also enable France to “rise to the top of the world” in the field of software evaluation, in particular with a view to adopting European certification schemes.
The work, in particular, will use the open source Frama-C code analysis platform. Developed by CEA teams and recognized by Anssi, it provides comprehensive software vulnerability class discovery and assessment to certify security products “at the highest levels of common criteria”. “The use of open security environments further optimizes and embeds security into large-scale processes, applications and infrastructure,” the partners say.
Work that should benefit teams
As part of this collaboration, special attention will be paid to “the potential impact of research results on cybersecurity professionals.” Indeed, the Anssi and CEA teams need to benefit from academic work in their daily lives. They will work hand in hand to “carry out a needs and benchmarks analysis, thereby contributing to the development of a French and European ecosystem rich in diversity and integrating academic, institutional and industrial forces.”