Secure Systems Engineering


Many industries are undergoing radical change. More and more products and services are being created with software or they contain critical software-based components. Competition and innovation are forcing companies to continuously accelerate the software life cycle. The organizational and engineering dividing lines between the pre-operational and operational phases are becoming blurred.

Software development frequently includes wide range of separate value chains involving software manufacturers, outsourcing providers, system integrators, and in-house company resources. The result is that commercial and individual software components are combined with software services and then aggregated into complex, software-based solutions.

These developments impact not only providers such as in the media industry, which is characterized by increasingly digitalized production and marketing processes and the need to supply direct interfaces all the way to the end user through software-based solutions. With growing numbers of products that contain critical software components and which are integrated into various systems by means of software-based interfaces, other industries are also affected by these trends, whether it's medical equipment manufacturers or durable goods producers.

The use of software and software-based solutions can put various aspects of an enterprise at significant risk, including proper operation of the business, the intended use of its products, intellectual property, the company's reputation, and adherence to regulatory requirements. Vulnerabilities can arise through third-party or in-house developed software components, how they are combined and configured, and also as a result of unanticipated operational conditions.

Fraunhofer AISEC develops methods, tools, and approaches for the development and analysis of secure software components and software-based solutions. We take a holistic view of the software solution life cycle, focusing on constructive measures to ensure that security is incorporated into the design and given adequate consideration during the integration and configuration phases.

Skills and services at a glance

We offer our customers a wide range of services including:

  • Manufacturer-wide comparison and selection of current tools, methods, and process models for improving the in-house development process and development environment for secure software
  • Integration of secure software engineering tools, methods, and processes into the software life cycle
  • Definition and implementation of interfaces between suppliers, outsourcing providers, system integrators, and users for the development of secure software
  • Support during the monitoring and improvement of secure software development measures
  • Embedding of non-software-based protection measures and outsourced services in secure software solutions

Press review (Selection)

More securly to more secure software (German)

"Mit einem Rahmenwerk für sichere Softwareentwicklung unterstützen die Security-Spezialisten des Fraunhofer AISEC Entwicklerteams dabei, Schwachstellen in ihren Arbeitsprozessen schnell zu finden und gezielt zu beheben.", 7.10.13

The whole article can be found here.


  • T. Gurschler, J. Großmann, D. Kotarski, C. Teichmann, C. Thim, J. Eichler, J. Göllner, N. Gronau and U. Lechner. "Risikobeurteilung in der IT-Sicherheit Kritischer Infrastrukturen". Digitale Gesellschaft zwischen Risikobereitschaft und Sicherheitsbedürfnis - Tagungsband des 15. Deutschen IT-Sicherheitskongresses, 2017.
  • D. Angermeier, A. Nieding and J. Eichler. "Supporting Risk Assessment with the Systematic Identification, Merging and Validation of Security Goals". 4. International Workshop on Risk Assessment and Risk-Driven Testing (RISK 2016), Springer, 2017.
  • D. Angermeier and J. Eichler. "Risk-driven Security Engineering in the Automotive Domain". Embedded Security in Cars (escar USA), 2016.
  • J. Schütte, J. Eichler and D. Titze. "Sichere Business-Apps unter Android". In: T. Barton, C. Müller and C. Seel (Eds.). "Mobile Anwendungen in Unternehmen - Konzepte und betriebliche Einsatzszenarien".  Springer Vieweg, 2016, 139-156.
  • C. Teichmann, S. Renatus and A. Nieding. "Modellgestützte Risikoanalyse der Sicherheit Kritischer Infrastrukturen für kleine und mittlere Unternehmen: Eine Übersicht". In: Multikonferenz Wirtschaftsinformatik (MKWI) 2016, Band 2. Ed. by V. Nissen, D. Stelzer, S. Straßburger and D. Fischer. MKWI Teilkonferenz IT-Sicherheit für Kritische Infrastrukturen (2016)
  • C. Teichmann, S. Renatus and J. Eichler. "Agile Threat Assessment and Mitigation: An Approach for Method Selection and Tailoring". International Journal of Secure Software Engineering (IJSSE), 7 (1), 2016.
  • J. Eichler and D. Angermeier. "Modular risk assessment for the development of secure automotive systems". In: Tagungsband der 31. VDI/VW-Gemeinschaftstagung Automotive Security, VDI, 2015.
  • S. Renatus, C. Bartelheimer and J. Eichler. "Improving prioritization of software weaknesses using security models with AVUS". In: Proceedings of the 15th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM 2015), IEEE, 2015.
  • J. Eichler. "Voll ausgereift – Sichere Software mit OpenSAMM, BSIMM und SSE-CMM", iX 11/2013.