As the world relies more and more on software, Software Improvement Group (SIG) acknowledges and deeply understands the risks associated with developing and using it. While software technology can be an enormous benefit to individuals, organizations, and society as a whole, it also presents serious risks. Many organizations don’t fully understand the software we all rely on so heavily, which may lead to various incidents. SIG aims to play a pivotal role for organizations worldwide by being the fully independent party to identify software risks that may occur.
We strive for a healthier digital world in everything we do.
To fulfill this role that we have defined for ourselves, we have formulated a number of key principles:
We are honest, trustworthy, genuine, and always aim to do the right thing – even if we have something to lose. Our reputation and long-term continuity are more important than any short-term success. We always have multiple employees working on engagements to facilitate peer review and ensure that our insights remain independent.
We will never allow any external influence to steer the outcome of our analyses. We base our findings on facts that we have analyzed and verified ourselves, adhering to our strict quality processes. All can be assured that we have no interest in anything other than reporting tangible findings.
We work according to the SIG Quality Principles that are rigorously applied and followed in pre-defined processes. Quality reviews are always part of the SIG process, including validation with the software owner and internal quality reviews. We work with automated tools to allow analysis of even the largest systems, guaranteeing a fast and repeatable analysis with 100% coverage. Enhancing automated results through human-intelligence-based analysis then provides the best possible outcome.
Fact-based, data-driven approach
In order to deliver high quality and provide an independent view, we base our results on proper data that is carefully retrieved and verified by our team; analyzed according to pre-defined processes; and evaluated against global benchmarks where possible. Looking at software merely from the outside does not reveal sufficient information; the true facts can only be revealed by assessing the source code in its entirety.
We apply the highest level of security principles to everything we do. To this end, we comply with relevant regulations and standards. Moreover, we aim to act as a role model and to set the industry standard on this subject.
All engagements we perform lead to valuable and actionable insights for our customers. That is a guiding principle in all of our actions, proven in practice on a daily basis for more than 20 years.
We commit ourselves to providing world-class, independent analysis of software risks. Through our analysis, fully automated through our Sigrid® software assurance platform and enhanced with manual research, we strive towards full coverage of all software code and related development processes. Principally, we want to be able to analyze all different technologies; we currently lead the industry with capabilities to analyze more than 280, with new additions whenever an engagement demands it. With our vast experience, we have served hundreds of client organizations worldwide across industries, leading to a software analysis database of 50 billion lines of code. Striving for completeness does not imply a guarantee of completeness, as theoretically it would be possible to miss the proverbial needle in the haystack. Based on our principles explained above, however, we do everything in our power to get as close to perfection as possible. We always ensure the receiver of our analysis gets an in-depth understanding of the risk profile of the analyzed system(s), with a clear list of improvement actions and a roadmap.