Onward Security HERCULES SecFlow

Additional Info

Company: Onward Security Corp.
Company size (employees): 50 to 99
Type of solution: Software


HERCULES SecFlow is a product security management system that provides a comprehensive security vulnerability database and proactive security event monitoring. It aims to help users meet standard and compliance requirements for ISO 27001, ISO 27034, IEC 62443, OpenSAMM, and NIST SP800-64. It also takes the SSDLC into consideration, helping users ensure its practices across the design, implementation, testing, and maintenance phases.

Based on the principle of Secure by Design, HERCULES SecFlow provides a “product security management system” for product development, an automated system management mechanism to manage and track each stage of DevSecOps, as well as the required security processes and measures. It enables the development, security, and O&M teams to work in tandem with each other so as to quickly establish a secure software development process.

SecFlow provides information on security vulnerabilities and security incidents in real time. Its automated vulnerability analysis and management function can ensure the security of products and third-party packages, reduce the security risk derived from the software development process, improve overall security response and processing efficiency, and avoid dispute litigation arising from product security issues.

Through SecFlow, security issues, security or compliance requirements, and threat models can be disclosed in the design phase to verify the integrity of the security test plan, so that accurate security test plans can be carried out in the implementation phase. In the testing phase, the third-party components of products can be analyzed and various test reports can be imported into SecFlow to keep records, analyze vulnerabilities, and present different dimensions of product risk.

In the last phase, maintenance, updated incident notifications, proactive notifications, and incident tracking are provided immediately to help the security team tackle incidents promptly. SecFlow helps industries reduce and manage security risks.

Additional Information

1. Embracing agile development and improving security with compliance automation

HERCULES SecFlow, developed by Onward Security, provides automated auxiliary functions for DevSecOps processes, allowing users to quickly and easily establish information security communication channels and mechanisms. It can assign the corresponding rights and responsibilities to the relevant teams. Through task assignment, review, and reporting functions, all teams can quickly adapt to the concept of product security development. Through the SecFlow policy module, the security team can publish security-related information and reminder notes about secure code development to the relevant staff (such as the R&D team or O&M team). A series of assignments and sign-off procedures, together with the latest information, can fully strengthen the security awareness of each team.

2. Integrated and multi-dimensional product security analysis

By analyzing third-party components and integrating the imported security policies, threat models, and test reports from various sources, HERCULES SecFlow provides a multi-dimensional product security report that presents comprehensive product security across each of the phases and levels. It helps users design, develop, maintain, and manage product security following the SSDLC, and reduce possible risks and losses.

3. Risk-based vulnerability management solution

HERCULES SecFlow supports a comprehensive and abundant security vulnerability database, which contains a wide range of vulnerability information and over 120,000 vulnerabilities, including CVE and non-CVE vulnerabilities. SecFlow uses a daily collection and analysis mechanism to ensure that the vulnerability information is up to date. The system also provides first-hand information to assist users in handling incidents and controlling losses by comparing the product specification with the above vulnerabilities.