DEVCORE (Dave Cole) announced today (February 2) that red team exercise services will be included in the public sector's joint contract security service project by the end of 12. DEVCORE is also one of the joint contract red team exercise service providers, indicating that government departments hope to improve security defense effectiveness through red team exercises.
DEVCORE also pointed out that the amount of red team exercise cases in 2024 will increase by 11% compared to the previous year, and estimated that the revenue growth of red team exercise services in 2025 is expected to exceed 20%.
Industry and government work together to strengthen cybersecurity defenses; DEVCORE red team exercises are incorporated into the public sector joint agreement.
To comprehensively enhance the cybersecurity protection capabilities of government agencies, the Digital Industry Administration of the Ministry of Digital Development has included "Red Team Exercise Services" in the scope of the "Fifth Computer Software Joint Supply Contract Procurement in 113 - Information Security Services and Information Services." This is not only the addition of a new cybersecurity service item in a decade, but also a milestone in the government's high regard for and further strengthening of cybersecurity protection.
As Taiwan's first dedicated red team exercise service provider and a leading provider of this service, DEVCORE will enable government agencies to procure the necessary cybersecurity services through joint supply contracts. This significantly improves procurement efficiency while enabling the government to select cybersecurity services that meet the required quality standards and meet agency budgets and needs, enabling more precise cybersecurity drills and enhanced protection.
DEVCORE CEO and Co-founder Yung Ho-cheng said, "DEVCORE is pleased to see red team exercise services included in the public sector joint supply agreement. This not only symbolizes the government's increased investment in cybersecurity protection, but also demonstrates the value of exercise services is such a recognition that it will serve as a model and influence the industry to adopt advanced exercise services. We also hope to leverage our technical expertise and years of practical experience in red team exercises to help companies apply the results of red team exercises to their strategies and overall response mechanisms, building a more secure and forward-looking digital environment from the architecture and process levels, and comprehensively deepening cybersecurity resilience."
Demand for red team exercises is on the rise, and market momentum is expected to reach new heights in 2025.
DEVCORE's internal observations and statistics show that red team exercise services are being adopted by more industries, and market demand continues to grow steadily. From 2021 to 2024, DEVCORE received a 2.6-fold increase in inquiries and bookings for red team exercises. In January 2025, the number of inquiries and bookings alone exceeded 1% of the same period last year.
The financial sector has the strongest demand for red team exercises, while inquiries from the semiconductor industry have steadily increased since 2022. Actual procurement data shows that the financial sector remains the most active in implementing red team exercises, accounting for 29%. The semiconductor industry and government agencies account for 28% and 14%, respectively. These three industries are expected to account for over 2024% of DEVCORE's red team revenue in 70.
DEVCORE also observed an 2024% increase in the value of red team exercises in 11 compared to the previous year, with new clients accounting for over XNUMX% of the total. Furthermore, DEVCORE has begun receiving inquiries from major server OEMs, demonstrating that the benefits of red team exercises are gaining wider recognition among businesses and industries, leading to a greater emphasis on and proactive investment in cybersecurity to combat increasingly severe cyber threats.
To deepen cybersecurity defense, DEVCORE continues to promote red team exercises and impart hacker thinking.
In response to the continuous improvement of government and industry cybersecurity protection capabilities and the dynamic development of cybersecurity protection situations, DEVCORE will also provide different types of drill modes based on different cybersecurity constitutions and drill expectations. The past focus on discovering vulnerabilities and maximizing their effectiveness has been expanded to more realistic simulated attack scenarios. Using a red-blue coordination model, the system verifies the reaction speed, capabilities and cybersecurity incident response process of enterprises facing real attacks. The system has expanded from the past emphasis on technical-level repairs to comprehensive improvements at the cybersecurity strategy and management levels.
In addition, supply chain security has been one of the most challenging cybersecurity issues facing businesses in recent years. DEVCORE will also launch customized proactive product security research services, led by an internationally award-winning cybersecurity research team. These services will assist businesses in verifying the security of various products, including software, hardware, and firmware, ensuring compliance with high cybersecurity standards, protecting the safety of product users, and helping businesses enhance their brand image and credibility through security products.
In addition to strengthening Taiwan's government agencies' defense capabilities through red team exercises, DEVCORE has long been committed to disseminating hacker thinking. In 2025, it will continue to hold the DEVCORE CONFERENCE, a technical seminar focused on attack-oriented techniques. The event will take place on March 3th, focusing on the essence of attack techniques and methods with the industry, government, and academia, helping the industry to think about defense strategies from the attacker's perspective, review their own information security protection configurations in a more effective way, and jointly respond to the ever-changing threats of cyber attacks.
