About

The sec-certs project aims to be the one-stop shop to explore the Common Criteria / FIPS 140 certification ecosystem.

It all started in 2019, when we found a vulnerability in a Common Criteria-certified device. We wanted to investigate devices using the vulnerable one and understand the vulnerability impact. However, such analysis proved to be extremely laborious due to the lack of machine-processable data. We thus started aggregating and analyzing certification data, which enabled unified search, trend analysis, dependency visualization, and other features. Over time, we started interconnecting with other public datasets, most notably the list of CVEs.

In the spirit of open research, we decided to publish the dataset as well as the Python library to explore it for free. You're welcome to check out the library documentation as well as the full project and website source code.

Over time, we have written multiple research publications on the tool itself and the insights into the certification ecosystem gained using it. For the list of all publications, see the Research page. We welcome collaboration of any kind – if you are interested, feel free to get in touch at [email protected].

Use the library Read research Get in touch
Team photo

Project team

Sec-certs is developed at the Centre for Research on Cryptography and Security (CRoCS) at Masaryk University, Czechia. Our lab aims to improve security and privacy through applied research (often in cooperation with industry) and advanced education of future security professionals.

Petr Švenda

Initial implementation, idea person

2019-now

Ján Jančár

Web implementation, anti-idea person

2019-now

Adam Janovský

Library implementation, machine-learning

2019-2024

Łukasz Chmielewski

Common Criteria insights

2023-now

Jaroslav Řezník

FIPS-140 insights

2023-now

Yasir Yakup Demircan

Machine-learning

2024-now

Martin Ukrop

Project lead

2022-now

Vashek Matyáš

Project & student supervision

2019-now

Student members

Several students extended or used the functionality of the sec-certs project in their Bachelor's or Master's thesis.

Martin Fryan
Master's thesis on Analysis of Common Criteria Protection Profiles, 2019-2020
Stanislav Boboň
Bachelor's thesis on Analysis of NIST FIPS 140-2 security certificates, 2021-2023
Jiří Michalík
Bachelor's thesis on Data analysis of the Common Criteria certificates, 2021-2022
Dominik Macko
Master's thesis on Enhancing Common Criteria Certificate Analysis with Semantic Segment Search, 2023-2024
Erik Moravec
Master's thesis on Metadata overlay for seccerts.org with security analysis tools, 2022-2023
Juraj Cigáň
Master's thesis on Information extraction from security certificates, 2022-2023
Yulia Teslia
Bachelor's thesis ongoing, 2024-now
David Valecký
Master's thesis ongoing, 2024-now
Martin Hofbauer
Master's thesis ongoing, 2024-now
Tomáš Chrenko
Bachelor's thesis ongoing, 2024-now

Sponsors

We greatly appreciate the support we have received over the years. This included direct financial support as well as computing infrastructure, networking and dissemination opportunities.

CHESS CHESS
EU EU
This work is supported by the European Union under Grant Agreement No. 101087529: Cyber Security Excellence Hub in Estonia and South Moravia.
RedHat RedHat
This work is supported by Red Hat Research.
CyberSec4Europe CyberSec4Europe
This work was supported by the CyberSec4Europe project.
MSMT MSMT
EU EU
This work was supported by the Internal grant agency of Masaryk University, project CZ.02.2.69/0.0/0.0/19_073/0016943.
MetaCentrum
Computational resources were supplied by the project e-INFRA LM2018140.