Software is everywhere: it is present in our homes, businesses and organizations. Almost all services in our society depend on software. Innovations like cloud, the internet of things and artificial intelligence are impossible without software.
However, we know very little about the security of the software used in all these contexts. It is difficult for most organizations and end users to assess the security of software. The impact of software vulnerabilities is often on the front pages of our media: data taken hostage by ransomware, coordinated attacks by hacked IoT devices, vulnerabilities in industrial installations and sometimes even cyberattacks on our public infrastructure.
Security of software is the most important requirement for trust in our IT devices and services. However, software security is difficult or impossible for an outsider to determine. Our goal is to make the security of software measurable, manageable and controllable, so that parties can provide assurance to the user that the software is safe enough for the context in which it is used and for the risks the user is willing to accept.