Security Innovation History
In the late 1990s, as the dot-com boom was in full swing and the proliferation of software into our everyday lives continued, Dr. James A. Whittaker, founder of Security Innovation and renowned expert on software quality, identified the importance and emergence of software security. While software vendors made the most of the opportunity to build more products and service the ever-increasing demands of the software market, Dr. Whittaker saw risk. Since billions of dollars would soon be sitting behind and passing through software applications, he realized the need to build systems that would counteract the production of poorly designed software and resist attack from those seeking to compromise it.
Ground-Breaking Research
The 1990s witnessed a slew of poorly designed software releases. As a result, we decided to analyze the most accessible and exploitable corporate liability: software bugs that ship. Security Innovation embarked on Government- and Corporate-funded studies to gather, assess and classify tens of thousands of functional and security bugs. The objective was to better understand their causes and symptoms and to invent techniques that would detect them during testing. The result was first a whitepaper, then a book, then a testing methodology and finally, a training course called “How to Break Software Security.”
Launched as a Security Testing Company
Building on this research and the needs he learned of from his close relationship with Microsoft, IBM, and other leading software organizations, Dr. Whittaker launched Security Innovation in Melbourne, FL in 2002. He brought in key developers, technologists, and managers to identify emerging market trends in security and construct solutions to those needs. He populated the company with personally-trained experts in software security and continued to do so as he remained a full-time professor at FIT (Florida Institute of Technology). Thereafter, the company embarked on developing products, methodologies and services that would revolutionize the way we approach security testing. These assets took years of research and practice to develop; as such, they are extremely sophisticated, advanced and unparalleled in their ability to detect major software vulnerabilities. Security Innovation’s early customers were primarily in the Technology and Federal Government markets that needed to ensure major vulnerabilities were isolated prior to software release or deployment.
Expansion into Education
As organizations became more aware of the seriousness of application-layer security defects, they also realized the new and advanced skill sets needed to mitigate the risks of these defects. In 2004, Security Innovation formally launched its Security Education service line, complete with courses for architects, developers, testers, managers, and auditors. We also began to expand the markets we served as companies outside of the technology and government industries began struggling with application security. Organizations not only wanted to know what vulnerabilities existed, but also what the implications of those threats were and how to mitigate them in their environment.
Government Spin-Off
In January 2005, Security Innovation created a spin-off company focused exclusively on the US Federal Government. This organization’s charter was to service the needs of classified US Department of Defense and Intelligence Agencies. This company remained in Melbourne, FL, while Security Innovation, Inc. opened commercial offices in Boston, Seattle, and Amsterdam. In the years following, Security Innovation, Inc. quickly penetrated the Fortune 500 and Financial Services market and increased its visibility by delivering hundreds of presentations at industry and corporate conferences and authoring numerous articles, whitepapers, and books on the topic of information and application security.
Growth into Risk Management and Fraud Solutions
Security Innovation has maintained its might in delivering solutions for software development teams. Our core competency of understanding how applications function and fail with respect to security enables us to deliver the high-value services and products that development teams need. Through the emergence of industry, government, and corporate regulations, security has grown from a “nice to have” to a mandatory business requirement. As such, many organizations need to integrate application security into their Risk Management, Incident Response, and Fraud functions. Security Innovation expanded its Consulting and Risk Mitigation offerings to match the needs of these groups. Business-level threat modeling, development of industry best-practices and security policy improvement now complement our core strength of software security risk assessment.



