Software development has become an essential part of daily work in research institutions such as DLR. However, functional requirements tend to take priority, so other aspects, in particular IT security, are often neglected. At the same time, the growing complexity and proliferation of IT and software systems brings an increase in both attack options and actual attacks. To prevent cyber attacks, and with them damage or loss of reputation, ideally before they occur, methods for securing and hardening systems are desirable as early as the development phase, combined with the lowest possible personnel effort and resource consumption.
Promoting the development of high-quality and secure IT and software systems even with limited resources requires concepts and tools that effectively support this goal. In this context, the working group Secure Software Engineering deals with intelligent and data-driven methods for the analysis of software development processes and the resulting products. By evaluating the process data, metadata and artifacts that occur during software development, we can draw conclusions about the quality of individual processes and process activities and derive recommendations for the use of development concepts and tools. The long-term goal of the working group is to establish institutional structures and best practices to support DLR in the development of secure IT and software systems. The group is also available to advise external partners.
Concrete areas of work are, for example: