INSIGHTS: RESEARCH AT NCC GROUP
Cutting-edge research and technical capabilities
NCC Group employs some of the most talented security consultants and researchers on the planet, serving customers worldwide and uncovering countless vulnerabilities per year through both customer work and independent vulnerability research. We are a research-driven firm where every researcher on our team is also an active consultant. Our greatest strength is our breadth and depth of world-class technical capabilities, publicly exemplified by our research publications, now spanning into the hundreds per year, across two decades 1 . We consistently perform independent, cutting-edge security research across hardware and embedded systems security, applied cryptography, programming languages, artificial intelligence and machine learning, mobile privacy, cloud and container security, exploit development, critical infrastructure security and threat intelligence, and beyond all technologies, and in all sectors – the outputs of which support current and future specialist technical consulting capabilities and customer and consultant needs, and respond to world events. We host a GitHub repository of over 200 open-source security tools 2 , have a research group dedicated to security research in the public interest 3 , and are trusted experts to whom open-source projects and major tech companies alike regularly turn for our publicly reported security audits of their most important technologies 4 . Public-facing reports, research papers and tool releases are published on our dedicated research blog, research.nccgroup.com, and are also regularly covered by publications including the Wall Street Journal, New York Times, Washington Post, DarkReading and Politico, as well as other mainstream and trade publications globally. Our research blog attracted over a quarter of a million visitors in the past financial year. We also regularly work with independent UK consumer body Which? undertaking research across a range of smart devices – from toys to doorbells. The results are published in its online and print magazine titles as well as extensively covered by the mainstream media with our more detailed research findings published on our blog. In addition to our published work, our researchers regularly present their work in top research venues across as the world as well as serving on review boards of conferences. These include Black Hat USA, Chaos Communication Congress, HITB Amsterdam, CanSecWest and DEF CON to name a few. Our technical capabilities extend beyond our public-facing work, to include our internal-only research and development function, including our Exploit Development Group, Threat Intelligence Fusion Centre and Full Spectrum Attack Simulation Group as well as unpublished proprietary tooling.
FY21 research Our research investment has had a direct and positive impact on the safety and security of our digital world for everyone, from operators of critical infrastructure to everyday consumers. We discover and remediate existing vulnerabilities before they can be uncovered and exploited by threat actors. We continue to invest in our future – both as a firm, and in improving the security of the global internet ecosystem. In January 2021, we published our inaugural Annual Research Report, in which we summarised our security research findings from across all our conference publications, blog posts and tool releases published by researchers at NCC Group between 1 January and 31 December 2020. In this report, we presented our findings and their impact in context, with links to the associated research papers, recorded conference presentations, publicly reported security audits, technical advisories and open-source tools, as well as selected media coverage of our work 5 . 51
conference presentations, including over 20 presentations at “Tier 1” research venues 9 internal research working groups 8 whitepapers, research papers and research reports 35 open-source tool releases 71 research blog posts 37+ technical advisories/CVEs
18
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
Made with FlippingBook Converter PDF to HTML5