CYBER- & SOFTWARE-SECURITY

Thoughtful security concepts from development to operation.

Our world is becoming more and more interconnected, and the secure development of software is increasingly in focus. With measures like NIS2 and the Cyber Resilience Act, the European Union is responding to the recognized risks to the economy. The goal: Industry and software manufacturers should catch up in terms of cyber and software security. The hacker attacks that are repeatedly discussed in the media clearly show that security must be considered from the beginning to the end of software development. 

Secure Software. From idea to operation.

The media are increasingly reporting on hacker attacks and data leaks that lead to prolonged production outages and to customers demanding high compensation. The reputational damage after such an attack means significant financial losses for companies. To minimize the risk, it is crucial not to treat security as an additional feature, but to ensure it from the beginning to the end of the software lifecycle through a secure development process.

Security must play a central role in all phases of software development - and beyond: 

01

Secure Requirements and Ideas

Security must be considered as early as the requirements phase. This includes a precisely defined security environment, threat models, and the mandatory involvement of a security expert.

02

Secure Architecture and Concepts

The architecture, i.e., the basic framework of the entire software solution, also lays the foundation for its security.

03

Secure Implementation

Every line of code contains a potential risk. Only through secure implementation procedures, security guidelines, and trained developers can a secure solution be created at all. 

04

Use of Secure Third-Party Components

It is not only your own code that leads to security gaps. Often it is open-source or purchased components that introduce a vulnerability. Therefore, the selection and testing of third-party components are essential. Documentation in the form of a Software Bill of Materials (SBOM) is also mandatory.

05

Security Tests

Continuous testing of the software is mandatory. The security of the software must be checked automatically with every change, both through in-house tests and through security tools. A penetration test by an external, and thus independent, service provider rounds off these measures.

06

Secure Delivery and Operation

The secure delivery, whether in the cloud, on a smartphone, desktop, or an IoT device, must be ensured in any case. For this, secure mechanisms for the creation and distribution of the software, including secure updates and monitoring of cloud systems, are necessary. 

07

Vulnerability Management

100% security cannot be achieved. This fact must be taken into account and precautions must be taken. In-house processes and technical preparations for a rapid response are just as much a part of this as the monitoring and management of vulnerabilities in the third-party components used.

EU Cyber Resilience Act (CRA), NIS2 Implementation Act, IT Security Act 2.0, KRITIS Act

Both German and European legislators want to strengthen IT security in the economy and for private users and ensure fair competition that is based on the same minimum standards. This involves requirements for products (hardware and software) as well as corporate infrastructures. Non-compliance can result in sales bans, high fines, and even personal liability for managing directors. 

IEC 62443

M&M Software certified according to IEC 62443: Highest IT security standards

For us, security has been a top priority in the development process since long before the latest legal measures. The IEC 62443 certification of our development process underlines our comprehensive approach. Compliance with IEC 62443 standards and the EU Cyber Resilience Act is a matter of course for us.

Our IEC 62443 certification confirms our high cyber security standards in the industry and offers our customers comprehensive protection against threats.

Ralf King

Ralf King is a security expert and head of our Competence Center “Cyber and Software Security”. As a trained software engineer, he has first-hand experience of the tasks and challenges in the various project phases, from software developer to project manager, and he established the topic of software security at an early stage. Today, with his security team, he supports the project teams in every phase and takes care of the Security Development Lifecycle according to IEC 62443.

“The way software is developed in most companies needs to be fundamentally rethought. Security should not be squeezed into a project as a last nice-to-have feature only at the end of the project under release time pressure. Besides security risks, there are also business risks. Not only in the classic IT world, but also in the increasingly networked OT world, i.e., the systems of production, security must urgently arrive if the economy wants to avoid ever greater damage in supply chains and companies.” 
