MERC cyber personnel perform static, dynamic, and interactive application security testing and software composition analysis on all of our software products to ensure the highest level of quality, safety, and security. Once the analysis is completed, MERC reviews the identified weaknesses and vulnerabilities to confirm the findings and assign a priority for remediation.
The cybersecurity team are experts in using Fortify® to scan the code base to identify any potential vulnerabilities and Selenium® to test web page functionality for bugs. MERC employs OWASP dependency-check as our software composition analysis tool to ensure all of the known common platform enumeration (CPE) identifiers are captured, ultimately identifying the associated common vulnerability and exposure (CVE) entries. The findings are then reviewed and remediated prior to release.
We perform software code analysis in the MERC Cybersecurity Lab.