Software Security Assessment

Determine the security level of your software development with a software security assessment and find suitable training courses

Software security is a critical topic and is becoming increasingly important in the light of growing cyberattacks. However, in many companies, awareness of security in software development is not yet established at all levels. In addition, companies often lack precise knowledge about how well the software applications they develop are protected and what measures are required to achieve an appropriate level of security for their products. This is precisely where we come in with our software security assessment: We systematically evaluate the current security level of your company's software products. From this, we derive recommendations for action regarding the technologies used, the processes, the organization and the competencies of the employees. The assessment then enables us to provide you with a well-founded and comprehensive analysis that takes all aspects of software security into account. In order to use the results of the software security assessment even more effectively, you can also select suitable training courses from the IEM Academy for various roles in your company based on our analysis. Whether software developers, product owners or managers - in the next step, we tailor our training courses precisely to the identified needs of your employees and thus create the conditions for efficient qualification. 

Process of the Software Security Assessment

The software security assessment begins with an online questionnaire that all employees involved in software development complete. The answers to the questionnaire help us evaluate the level of software security awareness at different levels of your company. In the next step, we conduct an online workshop with software developers, software architects, product owners, security managers and, if applicable, executives to capture different perspectives and processes related to software security.

This is followed by individual interviews with key stakeholders in the company. The aim of these interviews is to gain a comprehensive understanding of the various roles and tasks in the software development environment. In addition, we conduct a code walkthrough together with the software developers and review a representative development workflow. Depending on the agreement and the number of people involved, we conduct a total of 4-5 interviews, each lasting 1-2 hours. We use the insights gained from these interviews to assess the quality of your existing software security practices using a maturity model (e.g., OWASP SAMM). Determining your current maturity level provides you with a clear understanding of your security posture and serves as a roadmap for defining your next development goals. All results are also recorded in a written evaluation and presented at a management meeting. Our detailed analysis highlights weaknesses and areas for improvement in your previous development work, thus creating the basis for planning targeted measures.

In combination with our two-day training courses, Software Security Training for Developers and Software Security Training for Product Owners and Managers, you can also choose a shorter version of the security assessment to check your company's requirements and to tailor the selected training to your specific needs.