
Taming the Dragon – Secure Software from the Start (Part 2)

All project participants are trained and informed.

How can developers create secure and high-quality software? First of all, it's essential to understand that security and quality are not accidental – they are the result of targeted measures throughout the entire development process.

Quality cannot be tested into the product at the final stage of the process. Due to the required safety level, appropriate measures should be taken in every phase of the project (e.g., requirements analysis, design, implementation, unit testing, integration testing, system testing, commissioning) to ensure that quality requirements are met and, through skillful combination, to minimize the overall effort.

In almost all projects, the lack of coordination between test stages is a problem. This can lead to gaps in test coverage, which are unacceptable in a safety project. A cross-project test concept provides a solution. Unfortunately, many companies lack a dedicated development role that oversees testing at all levels, from implementation to the testing laboratory. One of the biggest problems is inadequate test planning. Engineering work differs from tinkering in that it is planned. Test planning must run parallel to the development of the product being tested.

Software development is lagging behind hardware development.

Security and other quality characteristics must be integrated into the system design from the outset. This begins with requirements analysis. It continues with the design phase, where it must be verified whether the architecture can even meet the security requirements. There are designs where the structure itself reveals that the security requirements cannot be fulfilled. Certain rules must also be followed during implementation to guarantee security. It is advisable to consider how the security requirements can be met at every stage of the process.

In many cases, the focus is too much on implementation. While phase-oriented testing steps may delay implementation, they simultaneously reduce the effort required for lengthy correction loops that permeate the entire development process. One shouldn't try to tame the dragon only when it's already large and powerful. Software development still lags behind hardware development in terms of safety and quality. Many developers believe that changes can be made quickly and easily to the software later on, but many systems are already too complex for that.

Self-confidence and professional competence through workshops and seminars

However, integration into the process alone is not enough: Everyone involved in the development process must be aware of their role and responsibility for system security – and actively fulfill it. The right level of motivation, expertise, and sense of responsibility is a crucial prerequisite. And these criteria are best met through professional training and regular, open, and critical dialogue among key personnel (developers and management).

Specialists like MicroConsult offer suitable measures (seminars, workshops, consulting, project coaching, conferences) for all phases and roles of the development process. These measures enable companies to reduce risks and thus save time and money. Those responsible not only gain confidence and professional assurance, but also become more aware of the purpose and benefits of many of these measures. Furthermore, they have the opportunity to exchange ideas with specialists from other companies. This broader perspective provides valuable insights and inspiration for their own project work.

Conclusion

The topics of quality and safety run like a common thread through the entire development process. At every stage, there are meaningful measures to ensure quality and to verify, validate, or test security requirements. The first step towards secure, high-quality software is raising awareness of its necessity for the long-term success of the project.

Only those who are aware of the significance will address the problem during the development process and initiate appropriate measures. One of the first and most important steps is to provide all project participants with relevant training and information tailored to their roles and responsibilities. While this doesn't guarantee secure software, it offers a very good chance of taming the dragons so professionally that they will bring us much enjoyment in the future.


Taming the dragon – Secure software from the start:
Part 1 „Developers under time pressure“

Taming the dragon – Secure software from the start:
Part 3 „Advice and statements on quality and safety“

Further information

MicroConsult Training & Coaching on the topic Quality, Safety & Security

MicroConsult expertise in the areas of quality, safety & security

Peter Siwon: Systemic project management


Published by

Ingo Pohle
