Main Objective: Full Spectrum Software Assurance
SIG’s strategy is to provide a software assurance platform that integrates the full spectrum of analysis: software product quality, development process efficiency, and people’s competencies.
SIG is implementing its strategy in two major ways:
- First, by developing a software product, Sigrid, that analyzes and visualizes software portfolios and offers actionable insights. The product is highly automated and provides clients with a shared, up-to-date vision of the current and future state of the assured software.
- Second, by engaging clients with specialized consulting, supported by the Sigrid platform, on principal software engineering concerns like software security, AI, and sustainability.
Looking forward to the coming years 2022 to 2026, SIG Research will fuel SIG’s strategy by advancing topics that increase the competitiveness of the Sigrid platform: by increasing its analysis scope, urgency of outcomes, and foremost its capability to provide actionable recommendations.
Integrated Models of Software Products, Process, and People
- Increase the competitiveness of SIG’s software assurance platform, Sigrid
- Facilitate automation through standardized models
SIG has developed several – now proven – models of software quality and process that are applied in the majority of our consulting projects. These models now form the heart of the Sigrid platform. For example, the ISO 25010-based SIG Maintainability Model is used to assess software products against an industry-standard benchmark.
Furthermore, models for security, reliability, performance efficiency, and other quality aspects are in place to address client needs. To complement software product measurements, SIG created the Development Practices Assessment to analyze the processes surrounding software development. Finally, SIG consultants perform analyses of software development productivity and efficiency. These models will mature further through research and practical use in the coming years.
In 2021, SIG joined forces with EXIN, adding the capability to assess and certify people’s competencies. SIG’s future software assurance models will provide an integrated view of software assurance. The next generation of software assurance models will help organizations tackle the following questions at the portfolio level: Is the software built according to industry-standard quality levels? Have the development processes been organized to ensure quality and efficiency? Do the teams have the right competencies in place?
Shared Data Platform Linking Software Data From All Angles
- Increasing data competitiveness and availability
- Supplying the organization with high-quality data
Since SIG launched its software measurement tools, we have kept a record of every measurement performed. The organization benefits from this ever-growing database in every engagement by providing tailored data analyses, calibrated and certified measurement tools, and frequent public reports on industry trends in software quality.
SIG’s data platform will continue to grow this unique knowledge base on enterprise software, collected, curated, and enriched by SIG and its partners. It will include data from different organizational divisions, including marketing & sales, delivery, technical operations, and finance.
The data SIG collects internally will be enhanced using market trend datasets, organizational factors, and people competency models. Furthermore, by integrating data streaming technology, the platform will generate relevant and timely insights to increase the productivity of developers and software portfolio owners.
Intelligent Automation Of Machine-Learnable Software Analysis
- Increase the efficiency of product and delivery
- Generate new ideas on applying AI & machine learning
SIG’s software measurement capability is built on a highly automated pipeline of tools. Our software assurance platform, Sigrid, ingests a client’s codebase, processes 350+ different programming languages, and produces actionable recommendations in a single location.
Room for improvement remains in balancing the amount of automation and human input for certain aspects of software quality. Comparatively much time and expertise are needed to perform in-depth security code reviews. By investing in workflow automation and intelligent recommendation engines, the platform will increase the efficiency and scalability of SIG’s analyst workforce.
With more intelligent self-learning algorithms readily available, it is possible to automate a broader array of complex tasks in the SIG software analysis pipeline. Examples include: triage of security vulnerability reports, smart notification of critical events, and improved recommendations. SIG plans to augment our database of software measurements with custom workflow datasets from SIG’s consulting practice to train such algorithms.
Precise Online Monitoring Of Global Software Ecosystems
- Increasing competitiveness of software assurance platform
- Generating new product ideas
Modern software relies heavily on packages from public open-source ecosystems, with 80% of executed code originating from third-party libraries. This reality spurred the growth of software composition analysis (SCA) tooling that provides a Software Bill of Materials (SBOM) and points out the risks involved, chiefly based on public datasets. These datasets are rich and often relevant but lack curation and context to generate truly accurate recommendations.
SIG developed the OSS Health module within Sigrid to address client needs in this domain. Very soon, the scope of full-spectrum software assurance will be broadened to include all relevant code and activities, irrespective of whether they come from third parties or local development teams. SCA will be just one tool in the analysis spectrum. Public datasets will need to be aggregated and enriched with context-relevant technical details to be beneficial.
SIG continues to invest in joint academic-industrial research projects Codefeedr and FASTEN. These projects explore novel technologies to process detailed event streams from major software ecosystems like GitHub. Examples of such streams are security vulnerabilities mapped to precise source code locations or development activities in software dependencies of client codebases.
With these technologies now available as prototypes, the next generation of software assurance will integrate these multifaceted capabilities. SIG will precisely point out affected code, provide more detailed remediation advice, and track relevant upstream changes as they happen in the global ecosystem.
Sustainable Software Development And Efficient Operation
- Enabling new product extensions
- Helping create a more energy-efficient digital world
In 2020, Harvard Business Review asked, “How Green Is Your Software?” They projected that data centers would consume 8% of the world’s electricity by 2030, up from 2% in 2020. Data centers are driven by applications, servers, cryptocurrency miners, and so on. The energy footprint of software continues to grow, a trend that is compounded by the inclusion of self-learning algorithms (AIs). With the cost of energy ever-increasing, concern regarding the environmental footprint is a topic of high priority in boardrooms globally.
Previous research at SIG has explored several approaches to assessing and measuring the energy efficiency of software, from hardware-level current measurements to modeling data center utilization and application-assignable usage.
Since then, the scientific field has detailed the footprint data of programming language constructs, library usage, and development tools. SIG plans to combine these insights into a model that gives instant advice to developers on how to reduce the software footprint and provide portfolio-level assessments for the boardroom.
Doing Great Research
Leading Scientific And Applied Research
SIG spun off from scientific research at the Center for Mathematics and Computer Science in 2000. The organization has continued to maintain and grow its position in the scientific field, strengthen its research capacity, and disseminate knowledge back to the community through academic venues and journals.
The practical context of software assurance offered by SIG’s consulting practice provides rich data and experience from which scientific research benefits. At the same time, new ideas and technologies emerge in the scientific field for which SIG is positioned as an early adopter.
SIG participates in joint European, American, and national projects that involve consortia of academic and industrial research groups. SIG is part of committees that organize scientific events, editorial boards, and standardization bodies at the national and international levels.
Hosting Talent In A State-Of-The-Art Environment
SIG sees great value in developing early-career talent. Fresh minds bring in new ideas, which SIG helps develop through its research internship program. Graduate students are offered a position in our research team for their graduation projects.
By combining scientific research with practical experience, students benefit greatly and arrive at a highly relevant thesis with a good chance of publication. The bar to entry is high, with students often on track for cum laude graduation and showing great potential within the software assurance domain.
Innovating Through Multi-Disciplinary Team Efforts
SIG Research is embedded within the broader R&D organization of the company at a leadership level. Researchers directly contribute to team activities, client projects, and spearhead innovation.
Our vision of research is to nurture ideas into knowledge that can be practically applied and have a tangible impact, preferably as working software. The research team actively identifies potential use cases and encourages the organization to adopt innovations.
A hands-on approach is required where researchers participate in other teams to understand their needs and priorities. They get to share their in-depth knowledge while they perform piloting and integration activities.