Mendix and Software Improvement Group Launch a
New Software Application Quality and Security Scanning Solution



  • Mendix offers the Quality & Security Management (QSM) solution as a cloud service powered by independent technology and advisory firm, Software Improvement Group (SIG)

  • The new solution will help thousands of Mendix customers around the world improve application governance, deliver full-picture software security scanning, and reduce technical debt


BOSTON January 19, 2023Mendix, a Siemens business and global leader in modern enterprise application development, and Software Improvement Group (SIG), an independent technology and advisory firm for software quality, security and improvement, have announced the release of Mendix Quality & Security Management (QSM), a new cybersecurity solution that provides continuous deep-dive insights into security and code quality to immediately address risks and vulnerabilities. The introduction of Mendix QSM enables enterprises to fuel innovation and growth, while managing cyber risks and building future-fit software.

The Mendix low-code development platform enables companies to accelerate the delivery of  new innovations. Succeeding the Mendix Application Quality Monitor (AQM), the new Mendix QSM solution provides IT management, quality assurance teams, and software security experts deep visibility across the entire portfolio of Mendix applications. This enables close control of the software development process without compromising the quality and security of software, ensuring that security oversight is always top of mind for customers.

Mendix QSM is powered by Sigrid®, SIG’s software assurance guiding platform. Combining more than 20 best-of-class security scanning tools, it provides a comprehensive overview of how security findings impact business objectives. With Mendix QSM, Mendix clients can scan their Mendix applications, including third-party libraries, for vulnerabilities and incorrectly configured security models, rank for compliance with main industry standards such as OWASP, ISO 5055 and PCI, and receive recommendations and clear guidance on risk mitigation.

Mendix QSM is based on static analysis of application models. Mendix models have been mapped to the ISO 25010 Maintainability model by SIG experts based on the Mendix model metadata. This allows for benchmarking of Mendix applications against a database of thousands of projects, including open-source initiatives. Mendix QSM also presents a five-star rating of the software quality. For example,  a four-star software rating means issues are resolved three times faster, throughput increases seven-fold, and productivity increases almost 11-fold compared to a two-star rating.

“Mendix and SIG have been Original Equipment Manufacturer (OEM) partners since 2016”, said Hans de Visser, chief product officer at Mendix. “In the past six years, we have strived to empower our customers with fast software development and best-of-industry governance tooling to build future-proof applications. Security is top of mind for our customers and the new cybersecurity capabilities in Mendix Quality & Security Management is a logical extension to cater to the increasing security demands and requirements of our customers. Mendix and SIG expanded the OEM partnership to help Mendix customers manage the quality of their applications proactively, ensuring faster issue resolution with higher technical quality of software.”

Luc Brandts, group CEO at SIG, said, “With the number of cyber attacks growing every day, it is crucial for organizations worldwide to manage the build quality and security of their IT landscapes in a continuous fashion. We are providing this service as part of our quality assurance commitment to our customers. This new and improved joint security solution offers Mendix clients from bit to boardroom the transparency and continuous security insights they require in order to build business-ready applications with total confidence.”

SIG inspects and certifies thousands of software systems per year on technical quality according to ISO/IEC 25010 and will continue to add new scanning tools and rules to QSM as part of its ongoing service.

About Mendix
In a digital-first world, customers want their every need anticipated, employees want better tools to do their jobs, and enterprises know that sweeping digital transformation is the key to survival and success. Mendix, the low-code engine of the Siemens Xcelerator platform, is quickly becoming the application development platform of choice to drive the enterprise digital landscape. Mendix’s industry-leading low-code platform, dedicated partner network, and extensive marketplace support advanced technology solutions that boost engagement, streamline operations, and relieve IT logjams. Built on the pillars of abstraction, automation, cloud, and collaboration, Mendix dramatically increases developer productivity and engages business technologists to create apps guided by their particular domain expertise. Mendix empowers enterprises to build apps faster than ever; catalyzes meaningful collaboration between IT and business experts; and maintains IT control of the entire application landscape. Consistently recognized as a leader and visionary by leading industry analysts, the platform is cloud-native, open, extensible, agile, and proven. From artificial intelligence and augmented reality to intelligent automation and native mobile, Mendix and Siemens Xcelerator are the backbone of digital-first enterprises. The Mendix low-code platform is used by more than 4,000 companies worldwide, over 200,000 applications have already been realized, and the active community comprises more than 300,000 developers.

About SIG

Software Improvement Group (SIG) guides business and technology leaders to drive their organizational objectives by fundamentally improving the health and security of their software applications. SIG offers Sigrid® - the software assurance guiding platform - to partners and enterprise organizations to help them measure, evaluate and improve code quality.SIG has the world’s largest software benchmark with more than 75 billion lines of code across more than 300 technologies. The SIG laboratory has been accredited according to ISO/IEC 17025 for software quality analysis. Founded in 2000, SIG is headquartered in Amsterdam with regional offices in New York, Frankfurt, Brussels, Malmö and Copenhagen.

More information: www.softwareimprovementgroup.com
10.06.2024
Reading time: 2-3 minutes

SIG M&A Software Analysis Reveals Concerning Trends In Software Quality

NEW YORK, NY, USA, June 10, 2024

Software Improvement Group (SIG), the leading independent institute specializing in software health analysis, has significant concerns about the quality of software involved in mergers and acquisitions (M&A). Out of 531 M&A-related software projects analyzed, SIG found that the average software quality scores were significantly below the market average. This implies that companies face two times lower development efficiency and a considerably higher risk of defects and vulnerabilities.

Key findings

  • Quality Scores Below Market Average: The study revealed that software involved in these transactions often lags behind industry standards, presenting substantial risks for acquirers.
  • High Technical Debt: On average, technical debt constitutes 31% of the total code volume, indicating severe underlying issues in software maintainability and scalability.
  • Informed Investment Decisions: Companies that utilized SIG’s software economics methodology were able to make strategic investments to mitigate these technical debt challenges effectively.

SIG possesses unparalleled expertise and resources to assess the build quality, scalability, and security of software assets. With the world’s largest software metrics database, encompassing an impressive 200 billion lines of code and 18,000 system inspections spanning over 300 technologies, SIG provides comprehensive evaluations that stand as a testament to our unwavering dedication to creating a healthier digital world.

Luc Brands, CEO of Software Improvement Group: “At SIG, we believe private equity firms are not as in control as they could and should be. Through software economics, we ensure thorough code analysis, benchmarking, architecture investigation, and cost modeling. This approach guarantees clarity regarding the true scalability of acquired assets.”

To further facilitate this conversation, Software Improvement Group and Carnegie Mellon University (CMU) will be hosting a webinar titled “Software Economics for Private Equity: How to Evaluate the Quality and Value of Software Assets” on June 27th. The webinar will provide private equity companies with insights into the importance of software asset valuation. Private equity firms are invited to join the webinar to gain valuable knowledge and insights from industry experts.

In conclusion, software assets represent a significant opportunity for private equity firms to drive value creation. By embracing advanced software economics and leveraging SIG’s expertise, private equity firms can make informed decisions that maximize returns and mitigate risks in their software investments.

For more information about SIG and to register for the upcoming webinar, please visit Software Improvement Group’s webinar page.

For the full report, visit the benchmark report.

About SIG
Software Improvement Group (SIG) leads in traditional and AI software quality assurance, empowering businesses and governments worldwide to drive success with reliable and robust IT systems. Sigrid® – its software excellence platform – analyzes the world’s largest benchmark database of over 200 billion lines of code across more than 18,000 systems in 300+ technologies, and intelligently recommends the most crucial initiatives for organizations. SIG complies with multiple ISO/IEC standards, including ISO/IEC 27001 and 17025, and has co-developed ISO/IEC 5338, the new global standard for AI lifecycle management.
SIG was founded in 2000 and has offices in New York, Copenhagen, Brussels, and Frankfurt, and is headquartered in Amsterdam.

Sigrid®, together with expert consultants, and nearly 25 years of industry-leading research, position Software Improvement Group as the foremost authority on software excellence.

For more information, please visit Software Improvement Group’s website or social media channels.

Experience Sigrid live

Request your demo of the Sigrid® | Software Assurance Platform:
  • This field is for validation purposes and should be left unchanged.

Free AI readiness guide for organizations

Practical steps for executives and IT leaders to successfully implement AI in business