H33.ai Introduces HICS to Provide Mathematically Verifiable Software Security Scores

Quantum Zeitgeist
⚡ Quantum Brief
H33.ai launched HICS, a free tool providing mathematically verifiable software security scores using STARK zero-knowledge proofs and post-quantum Dilithium signatures, ensuring tamper-proof results for enterprise risk assessment. The tool evaluates code across five dimensions—cryptographic security, vulnerability surface, data handling, operational resilience, and code health—generating a 0-100 score via a cryptographic attestation layer with SHA3-256 Merkle Roots. HICS-PQ extends verification to post-quantum libraries like Dilithium and Kyber, offering automated, continuous attestation of correctness, security, performance, and standards compliance with NIST FIPS 204/206. H33.ai publicly demonstrated HICS by improving its own Rust codebase from 70 to 100, proving the system’s efficacy while keeping the scoring algorithm unchanged and transparent. Enterprises can now demand HICS scores from vendors, verifying them via a public Proof ID, setting a new standard for trustless, quantum-resistant software evaluation.

H33.ai has launched HICS (H33 Independent Code Scoring), a free tool designed to deliver mathematically verifiable software security scores, changing how organizations assess risk in the software they procure. Unlike existing security analyses that rely on potentially manipulable reports, HICS utilizes STARK zero-knowledge proofs and Dilithium post-quantum digital signatures to ensure results are tamper-proof and independently verifiable. The tool evaluates code across five key dimensions: cryptographic security, vulnerability surface, data handling, operational resilience, and code health, generating a score from 0 to 100. “HICS is the Carfax for code—free, trustless, verifiable, and mathematically impossible to fake,” said Eric Beans, CEO of H33.ai, Inc. By generating a cryptographic “attestation layer,” HICS provides enterprises with a new level of assurance when evaluating software vendors, moving beyond slide decks and toward provable code quality.

HICS Attestation Layer: SHA3-256, STARK Proof, and Dilithium Signatures

This tool is not intended to replace established methods, but to provide an independent, verifiable layer of trust that existing audits and static analysis lack. Central to this system is the generation of a .h33 certificate containing four key cryptographic artifacts: a SHA3-256 Merkle Root commits the codebase version without revealing its contents, while a STARK proof demonstrates the correct execution of the scoring algorithm, leveraging zero-knowledge principles and quantum resistance. Complementing this is a Dilithium ML-DSA-65 signature, a post-quantum cryptographic method compliant with NIST FIPS 204, ensuring the signature cannot be forged by current or future computing technologies. A unique Proof ID then links these elements, allowing anyone to verify the certificate’s authenticity at h33.ai/verify.

H33.ai demonstrated its commitment to transparency by subjecting its own production codebase, 478 files comprising 294,200 lines of Rust, to the HICS evaluation, initially receiving a score of 70 out of 100. H33 published the findings, the deductions, and the remediation plan in a public blog post. Within 24 hours, the company rectified all identified issues, achieving a perfect score of 100, proving the algorithm’s efficacy and the code’s subsequent improvement. The company emphasizes that the algorithm remained unchanged and that only the code itself was improved. Both scores remain publicly accessible. This commitment extends to the HICS-PQ program, which provides per-library post-quantum attestation with STARK proof and automated release timestamps, ensuring ongoing verification of cryptographic libraries like Dilithium and Kyber.

H33’s Self-Assessment: From 70 to 100 Score with Public Remediation

The demand for robust software security assessment is escalating, with organizations increasingly reliant on tools like static analysis and software composition analysis to identify vulnerabilities. However, a critical gap remains in verifying the integrity of these assessments themselves. H33.ai, Inc. aims to address this with HICS (H33 Independent Code Scoring), a newly released tool that generates cryptographically verifiable code quality scores, offering a level of assurance previously unavailable in software procurement. The company stated, “The algorithm was not modified. The code was,” emphasizing the focus on genuine improvement. Both scores remain publicly accessible, establishing a precedent for verifiable self-assessment. Beyond the initial scan, H33.ai has implemented HICS-PQ, a program for per-library post-quantum attestation, automatically generating verifiable proofs for each of its cryptographic libraries, Dilithium, Kyber, FALCON, SPHINCS+, and three FHE engines, at h33.ai/pq.

These attestations evaluate correctness, security, performance, and standards compliance, providing ongoing assurance of code integrity.

“A used car comes with a Carfax. A $2M annual software vendor comes with a slide deck. HICS is the Carfax for code – free, trustless, verifiable, and mathematically impossible to fake.”
Eric Beans, CEO, H33.ai, Inc.

HICS-PQ: Automated Post-Quantum Library Verification & Attestation Program

H33.ai is extending its automated code verification platform, HICS, with a dedicated program for post-quantum cryptographic libraries, dubbed HICS-PQ. This initiative addresses a critical need for assurance in a rapidly evolving threat landscape, where current encryption standards face obsolescence with the advent of quantum computing. Unlike traditional security audits which rely on periodic assessments, HICS-PQ provides continuous, automated attestation for libraries like Dilithium, Kyber, and FALCON, ensuring ongoing integrity and resilience. Each library’s attestation, publicly available at h33.ai/pq, is automatically updated with every code release, offering a dynamic record of security posture.

The HICS-PQ program evaluates libraries across four key dimensions: correctness, verified against NIST Known Answer Test vectors; security, focusing on constant-time execution and side-channel resistance; performance, measured through latency benchmarks; and adherence to relevant standards like FIPS 204 and 206. This comprehensive assessment isn’t simply reported; it’s mathematically proven. “Every release, automatically attested,” explains H33.ai, emphasizing the continuous nature of the verification process. The system generates a cryptographic “badge” that vendors can embed on their websites, providing a live, real-time check of the attestation’s validity, confirming the Proof ID exists, the STARK proof is valid, the Dilithium signature is intact, and the certificate is current.

The company publicly documented the findings and subsequent remediation, ultimately achieving a score of 70 out of 100, with both scores remaining publicly accessible. The open-source scoring formula allows for public audit, while the implementation remains proprietary, balancing transparency with intellectual property protection. H33.ai, Inc. is the first company to display the verification badge, linking to its verified 100/100 at h33.ai/verify, setting a new standard for demonstrable code integrity.

If you’re evaluating software from any vendor, ask one question: “What’s your HICS score?” If they have one, verify it at h33.ai/verify. If they don’t, ask why. If they won’t run it, that tells you everything you need to know.

Source: https://www.einpresswire.com/article/902772241/h33-launches-hics-for-free-the-first-trust-less-software-scoring-tool-with-post-quantum-cryptographic-proof

Source Information

Source: Quantum Zeitgeist