
CYBER- & SOFTWARE-SECURITY

Thoughtful security concepts from development to operation.

Our world is becoming more and more interconnected, and the secure development of software is increasingly in focus. With measures such as NIS2 and the Cyber Resilience Act, the European Union is responding to recognized risks to the economy. The goal: industry and software manufacturers should catch up on cyber and software security. The hacker attacks repeatedly discussed in the media show clearly that security must be considered from the beginning to the end of software development.

Secure Software. From idea to operation.

Public media are increasingly reporting on hacker attacks and data leaks that lead to long-lasting production outages and to customer demands for high compensation. The loss of reputation after such an attack means significant financial losses for companies. To minimize the risk, it is crucial not to treat security as an additional feature but to ensure it from the beginning to the end of the software lifecycle through a secure development process.

Security must play a central role in all phases of software development - and beyond: 

01 Secure Requirements and Ideas

Security must be considered as early as the requirements phase. This includes a precisely defined security environment, threat models, and the mandatory involvement of a security expert.

02 Secure Architecture and Concepts

The architecture, i.e., the basic framework of the entire software solution, also lays the foundation for security.

03 Secure Implementation

Every line of code carries a potential risk. Only with secure implementation procedures, security guidelines, and trained developers can a secure solution be created at all.

04 Use of Secure Third-Party Components

Security gaps are not caused by your own code alone. Often it is open-source or purchased components that introduce a vulnerability. The selection and testing of third-party components are therefore essential, and documentation in the form of a Software Bill of Materials (SBOM) is mandatory.

05 Security Tests

Continuous testing of the software is mandatory. Software security must be checked automatically with every change, both through the project's own tests and through security tools. A penetration test by an external, and therefore independent, service provider completes these measures.

06 Secure Delivery and Operation

Secure delivery must be ensured in every case, whether in the cloud or on a smartphone, desktop, or IoT device. This requires secure mechanisms for building and distributing the software, including secure updates and monitoring of cloud systems.

07 Vulnerability Management

100% security cannot be achieved. This fact must be taken into account and precautions must be taken. In-house processes and technical preparations for rapid response are as much a part of this as the monitoring and management of vulnerabilities in the third-party components in use.

EU Cyber Resilience Act (CRA), NIS2 Implementation Act, IT Security Act 2.0, KRITIS Act

Both German and European legislators want to strengthen IT security in the economy and for private users and to ensure fair competition based on the same minimum standards. This involves requirements for products (hardware and software) as well as for corporate infrastructures. Non-compliance can result in sales bans, high fines, and even personal liability for managing directors.

IEC 62443

For us, security has been a top priority in the development process since long before the latest legal measures. The IEC 62443 certification of our development process underlines our comprehensive approach. Compliance with the IEC 62443 standards and the EU Cyber Resilience Act is a matter of course for us.

Ralf King

Ralf King is a security expert and head of our Competence Center “Cyber and Software Security”. As a trained software engineer, he has personally experienced the tasks and challenges of the various project phases, from software developer to project manager, and established the topic of software security at an early stage. Today, together with his security team, he supports the project teams in every phase and is responsible for the Security Development Lifecycle according to IEC 62443.

“The way software is developed in most companies needs to be fundamentally rethought. Security should not be squeezed into a project as a last nice-to-have feature only at the end of the project under release time pressure. Besides security risks, there are also business risks. Not only in the classic IT world, but also in the increasingly networked OT world, i.e., the systems of production, security must urgently arrive if the economy wants to avoid ever greater damage in supply chains and companies.” 
