As experts in high-trust solutions, we are often asked about the benefits of commercial off-the-shelf products versus seemingly more affordable Software Development Kits (SDKs), Open Source libraries or third-party pre-compiled libraries or binaries.
What to consider when deciding to build or buy
Often organisations forget that Open Source is not always free. While there isn’t a licence to pay for, the cost, internal resource and time needed to build, configure, maintain and integrate can quickly mount up. There’s also a customer support cost too.
The same is true with third party Software Development Kits (SDKs), pre-compiled libraries and binaries – the initial lower cost can sound enticing but significant development takes internal software developers away from other projects.
When considering your options, ask the following questions:
- Are my developers experts in the complex world of PKI and digital signature solutions?
- What are the financial liabilities in the event of a component defect or serious vulnerability?
- What are the brand and service effects of not meeting key security requirements?
- How will my team support the solution long term?
- What SLA can I place on third party SDK/libraries or open source?
- What roadmap exists for long term support from the third-party partner?
- How will I achieve important security validation of my solution, FIPS and Common Criteria?
- What will the impact be on other business development activities?
- What is the total cost of a commercial off the shelf (COTS) solution?
- How does this compare to my internal development team, plus third party SDK and support?
Commercial software vendors like Ascertia invest significant time and resources into their development and Quality Assurance teams. Security by design is at the heart of everything we do.
Our products provide a variety of services that enable PKI services for certificate enrolment, digital signatures, signature and certificate verification.
The Ascertia product teams are respected industry specialists and are dedicated to the design, development and testing of security solutions that provide organisations across the world with high-trust PKI and Digital Signature solutions. Products developed by Ascertia undergo regular third party evaluation and are successfully certified to FIPS and Common Criteria certification schemes.
If you’d like to discuss your PKI projects to find out how we can help, get in touch.