Research at SIG
How can organizations be confident in the software they rely on every day?
From top to bottom, all employees at any organization, irrespective of industry, use software applications during their working day. Technology is now prevalent and directly impacts productivity, efficiency, revenue, and success.
This high dependency means complete software assurance is now indispensable. Organizations can only achieve it by considering the full spectrum of software: the quality of the product(s), the development processes, the proficiency of the teams, and the environmental impact. Software Improvement Group (SIG) Research investigates these themes to help organizations achieve a healthier digital world.
Gartner recently forecast that global 2021 spend on enterprise software would surpass 600 billion USD, with a projected growth rate of 12% for 2022. To put that number into context, a sustained 12% growth rate means spending doubles roughly every six years. Software is still eating the world!
Projected growth is not just a matter of increased scale: software analysts and technology leaders see an increase in complexity coupled with a higher bar of competition from start-ups and scale-ups. Cloud and edge computing, microservice architecture, and digital transformation are continuing challenges. Shifting left on cybersecurity (DevSecOps), further automation of enterprise (data) architecture, and the integration of machine learning and AI technologies into mainstream production (AIOps) are of increasing priority. Rising energy costs are also forcing organizations to accelerate Green IT initiatives that improve the sustainability of data centers and applications.
SIG Research performs scientific and applied research to increase the capability of our software assurance platform and to enable enterprises to have confidence in their applications, reduce costs, and accelerate growth. The increasing complexity of enterprise software demands novel ideas and approaches for offerings to remain competitive. SIG Research's mission is to increase the flow of new ideas, test and validate them in an applied context, and contribute to the public body of knowledge on software engineering.
Main Objective: Full Spectrum Software Assurance
SIG's strategy is to provide a software assurance platform that integrates the full spectrum of analysis: software product quality, development process efficiency, and people's competencies.
SIG is implementing this strategy in two major ways:
- First, by developing a software product, Sigrid, that analyzes and visualizes software portfolios and offers actionable insights. The product is highly automated and provides clients with a shared, up-to-date view of the current and future state of the assured software.
- Second, by engaging clients with specialized consulting, supported by the Sigrid platform, on principal software engineering concerns such as software security, AI, and sustainability.
Looking ahead to 2022 to 2026, SIG Research will fuel SIG's strategy by advancing topics that increase the competitiveness of the Sigrid platform: broadening its analysis scope, improving the timeliness of its outcomes, and, foremost, strengthening its capability to provide actionable recommendations.
Integrated Models of Software Products, Process, and People
SIG has developed several proven models of software quality and process that are applied in the majority of our consulting projects. These models now form the heart of the Sigrid platform. For example, the ISO 25010-based SIG Maintainability Model is used to assess software products against an industry-standard benchmark.
Furthermore, models for security, reliability, performance efficiency, and other quality aspects are in place to address client needs. To complement software product measurements, SIG created the Development Practices Assessment to analyze the processes surrounding software development. Finally, SIG consultants perform analyses of software development productivity and efficiency. These models will mature further through research and practical use in the coming years.
In 2021, SIG joined forces with EXIN, adding the capability to assess and certify people's competencies. SIG's future software assurance models will provide an integrated view of software assurance. The next generation of these models will help organizations tackle the following questions at the portfolio level: Is the software built according to industry-standard quality levels? Have the development processes been organized to ensure quality and efficiency? Do the teams have the right competencies in place?
Shared Data Platform Linking Software Data From All Angles
Since SIG launched its software measurement tools, we have kept a record of every measurement performed. This ever-growing database benefits every engagement: it enables tailored data analyses, calibrated and certified measurement tools, and frequent public reports on industry trends in software quality.
SIG's data platform will continue to grow this unique knowledge base on enterprise software, collected, curated, and enriched by SIG and its partners. It will include data from different organizational divisions, including marketing and sales, delivery, technical operations, and finance.
The data SIG collects internally will be enhanced with market trend datasets, organizational factors, and people competency models. Furthermore, by integrating data streaming technology, the platform will generate relevant and timely insights to increase the productivity of developers and software portfolio owners.
Intelligent Automation Of Machine-Learnable Software Analysis
SIG's software measurement capability is built on a highly automated pipeline of tools. Our software assurance platform, Sigrid, ingests a client's codebase, processes 350+ different programming languages, and produces actionable recommendations in a single location.
Room for improvement remains in balancing the amount of automation and human input for certain aspects of software quality. In-depth security code reviews, for example, still require comparatively much analyst time and expertise. By investing in workflow automation and intelligent recommendation engines, the platform will increase the efficiency and scalability of SIG's analyst workforce.
With more capable self-learning algorithms readily available, it is possible to automate a broader array of complex tasks in the SIG software analysis pipeline. Examples include: triage of security vulnerability reports, smart notification of critical events, and improved recommendations. SIG plans to augment our database of software measurements with custom workflow datasets from SIG's consulting practice to train such algorithms.
Precise Online Monitoring Of Global Software Ecosystems
Modern software relies heavily on packages from public open-source ecosystems, with 80% of executed code originating from third-party libraries. This reality spurred the growth of software composition analysis (SCA) tooling that produces a Software Bill of Materials (SBOM) and flags the known risks, chiefly by matching package names and versions against public vulnerability datasets. These datasets are rich and often relevant, but they lack the curation and context needed to generate truly accurate recommendations: a match on package name and version alone does not tell whether the vulnerable code is ever reached by the client's application.
SIG developed the OSS Health module within Sigrid to address client needs in this domain. The scope of full-spectrum software assurance will soon broaden to include all relevant code and activity, irrespective of whether it originates from third parties or local development teams. SCA will be just one tool in the analysis spectrum. Public datasets will need to be aggregated and enriched with context-relevant technical details to be beneficial.
SIG continues to invest in the joint academic-industrial research projects Codefeedr and FASTEN. These projects explore novel technologies for processing detailed event streams from major software ecosystems such as GitHub. Examples of such streams are security vulnerabilities mapped to precise source code locations, or development activity in the software dependencies of client codebases.
With these technologies now available as prototypes, the next generation of software assurance will integrate these multifaceted capabilities. SIG will precisely point out affected code, provide more detailed remediation advice, and track relevant upstream changes as they happen in the global ecosystem.
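The difference between package-level SCA and vulnerabilities mapped to precise source code locations, as an added example that is not part of this page and not SIG's, Sigrid's, Codefeedr's or FASTEN's code. All data is constructed: the SBOM, the advisories (shaped loosely after OSV-style introduced/fixed ranges, with hypothetical EXAMPLE-… identifiers), the package and function names, and the call graph are illustrative only. The first pass matches components against advisories by name and version, as a typical SCA tool does; the second pass keeps only those findings whose vulnerable function is reachable from the application's entry points, and returns the call chain that reaches it.

```python
"""
Added example: package-level SCA matching versus call-graph reachability.
Everything below (SBOM, advisories, call graph, names) is constructed for
illustration; advisory IDs are hypothetical, not real CVEs.
"""
from collections import deque

# Constructed SBOM, shaped loosely after a CycloneDX component list.
SBOM = {
    "components": [
        {"name": "yaml-parse", "version": "1.4.2", "purl": "pkg:pypi/yaml-parse@1.4.2"},
        {"name": "img-resize", "version": "2.0.1", "purl": "pkg:pypi/img-resize@2.0.1"},
        {"name": "log-fmt", "version": "3.1.0", "purl": "pkg:pypi/log-fmt@3.1.0"},
    ]
}

# Constructed advisory feed: OSV-style "introduced"/"fixed" version ranges,
# extended with the vulnerable symbol so a finding can be tied to code.
ADVISORIES = [
    {"id": "EXAMPLE-2022-0001", "package": "yaml-parse", "introduced": "1.0.0",
     "fixed": "1.5.0", "symbol": "yaml_parse.loader.unsafe_load"},
    {"id": "EXAMPLE-2022-0002", "package": "img-resize", "introduced": "2.0.0",
     "fixed": "2.0.3", "symbol": "img_resize.tiff.read_header"},
    {"id": "EXAMPLE-2021-0099", "package": "log-fmt", "introduced": "1.0.0",
     "fixed": "2.0.0", "symbol": "log_fmt.jndi.lookup"},
]

# Constructed call graph (caller -> callees) of the application together with
# its dependencies, the kind of graph an ecosystem-wide analysis would build.
CALL_GRAPH = {
    "app.main": ["app.load_config", "app.render"],
    "app.load_config": ["yaml_parse.loader.safe_load"],
    "app.render": ["img_resize.api.resize"],
    "img_resize.api.resize": ["img_resize.png.read_header", "img_resize.tiff.read_header"],
    "yaml_parse.loader.safe_load": ["yaml_parse.loader.construct_scalar"],
    "yaml_parse.loader.unsafe_load": ["yaml_parse.loader.construct_object"],
}
ENTRY_POINTS = ["app.main"]


def parse_version(version):
    """Turn a dotted numeric version into a comparable tuple of ints."""
    return tuple(int(part) for part in version.split("."))


def is_affected(version, advisory):
    """OSV-style range check: introduced <= version < fixed."""
    v = parse_version(version)
    return parse_version(advisory["introduced"]) <= v < parse_version(advisory["fixed"])


def package_level_findings(sbom, advisories):
    """Coarse SCA: match on package name and version only."""
    findings = []
    for component in sbom["components"]:
        for advisory in advisories:
            if advisory["package"] == component["name"] and is_affected(component["version"], advisory):
                findings.append((advisory["id"], component["purl"]))
    return findings


def find_call_path(call_graph, entry_points, target):
    """Breadth-first search from the entry points; return the call chain to target or None."""
    queue = deque((entry, [entry]) for entry in entry_points)
    seen = set(entry_points)
    while queue:
        node, path = queue.popleft()
        if node == target:
            return path
        for callee in call_graph.get(node, []):
            if callee not in seen:
                seen.add(callee)
                queue.append((callee, path + [callee]))
    return None


def reachable_findings(sbom, advisories, call_graph, entry_points):
    """Refined SCA: keep only findings whose vulnerable symbol is reachable, with the path."""
    by_id = {advisory["id"]: advisory for advisory in advisories}
    results = []
    for advisory_id, purl in package_level_findings(sbom, advisories):
        path = find_call_path(call_graph, entry_points, by_id[advisory_id]["symbol"])
        if path is not None:
            results.append((advisory_id, purl, path))
    return results


if __name__ == "__main__":
    print("package-level:", package_level_findings(SBOM, ADVISORIES))
    for advisory_id, purl, path in reachable_findings(SBOM, ADVISORIES, CALL_GRAPH, ENTRY_POINTS):
        print("reachable:", advisory_id, purl, " -> ".join(path))
```

On this constructed input the package-level pass reports two findings (the log-fmt version lies outside its advisory's range), while the reachability pass keeps only the img-resize one, because the application calls safe_load rather than the vulnerable unsafe_load. The call chain is the "precise source code location" the text refers to. One caveat a practitioner should keep in mind: a static call graph misses edges introduced through reflection, dynamic dispatch or plugin loading, so an unreachable finding should be deprioritized rather than dismissed, and upgrading the dependency remains the right fix when it is cheap.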
Sustainable Software Development And Efficient Operation
In 2020, Harvard Business Review asked "How Green Is Your Software?" and projected that data centers would consume 8% of the world's electricity by 2030, up from 2% in 2020. Data center load is driven by applications, servers, cryptocurrency miners, and so on. The energy footprint of software continues to grow, a trend compounded by the inclusion of self-learning algorithms (AI). With the cost of energy ever increasing, the environmental footprint is a topic of high priority in boardrooms globally.
Previous research at SIG has explored several approaches to assessing and measuring the energy efficiency of software, from hardware-level current measurements to modeling data center utilization and usage attributable to individual applications.
Since then, the scientific field has detailed the energy footprint of programming language constructs, library usage, and development tools. SIG plans to combine these insights into a model that gives developers instant advice on how to reduce their software's footprint, and that provides portfolio-level assessments for the boardroom.
Doing Great Research
Leading Scientific And Applied Research
SIG spun off from scientific research at the Center for Mathematics and Computer Science in 2000. The organization has continued to maintain and grow its position in the scientific field, to strengthen its research capacity, and to disseminate knowledge back to the community through academic venues and journals.
The practical context of software assurance offered by SIG's consulting practice provides rich data and experience from which scientific research benefits. At the same time, new ideas and technologies emerge in the scientific field for which SIG is positioned as an early adopter.
SIG participates in joint European, American, and national projects that involve consortia of academic and industrial research groups. SIG is part of committees that organize scientific events, editorial boards, and standardization bodies at the national and international levels.
Hosting Talent In A State-Of-The-Art Environment
SIG sees great value in developing early-career talent. Fresh minds bring new ideas, which SIG helps develop through its research internship program. Graduate students are offered a position in our research team for their graduation projects.
By combining scientific research with practical experience, students benefit greatly and arrive at a highly relevant thesis with a good chance of publication. The bar to entry is high: students are often on track to graduate cum laude and show great potential within the software assurance domain.
Innovating Through Multi-Disciplinary Team Efforts
SIG Research is embedded within the company's broader R&D organization at a leadership level. Researchers contribute directly to team activities and client projects, and spearhead innovation.
Our vision of research is to nurture ideas into knowledge that can be practically applied and have a tangible impact, preferably as working software. The research team actively seeks out potential use cases and encourages the organization to adopt new innovations.
This requires a hands-on approach: researchers participate in other teams to understand their needs and priorities, and share their in-depth knowledge while piloting and integrating new technology.