Vashek Matyáš
Masaryk University
sec-certs is a tool designed to increase the transparency of certification documents from the Common Criteria, EUCC and FIPS 140 certifications and their associated processes. It collects, processes and structures publicly available security certification artifacts into machine-readable data. It helps to link certified products to publicly listed vulnerabilities (CVEs), expose unavailable data, and show inconsistent or hidden relationships between certified products as well as errors in existing data. The tool can be accessed via an API or a web interface at sec-certs.org, and provides cleaned, structured data for further analysis and verification.
sec-certs processes certification artifacts to produce a comprehensive, searchable dataset. It maps relationships between certified products, correlates certification documents with the National Vulnerability Database, generates dependency-style graphs, and supports full-text search across all certification artifacts. The tool is suitable for analyzing complex systems comprising hardware and software, providing a clear picture of interdependencies and security implications across the mapped certification landscapes.
sec-certs enables a systematic and quantitative understanding of the certification landscape, improving transparency of the cybersecurity certification frameworks. By automating the extraction and analysis of certification documents, it supports efficient assessment of security levels, identification of potential risks in individual devices, and informed decision-making by users, vendors, and regulatory authorities. As an open-source alternative to proprietary tools, it allows for broader verification, reuse, and adaptation.
sec-certs users span the entire ecosystem of certified ICT products: device owners, security researchers, vendors, certification bodies and laboratories, government agencies and corporations, and the general expert public. By providing certification insights, trend analysis, and notifications on emerging risks, sec-certs makes certification data transparent and comparable. The result is better-informed decision-making and increased trust in emerging EU cybersecurity certification frameworks.