14.11.2024
Reading time: 3-4 minutes

Enhancing security and efficiency in Digitaal Vlaanderen's software development

Software Improvement Group

Introduction

As an agency of the Flemish government, Digitaal Vlaanderen (Digital Flanders) is the digital partner for Flemish and local authorities and has over 600 employees. It was officially formed at the beginning of 2021 by merging Information Flanders with the ICT department of the Facilities Department.

Digitaal Vlaanderen realizes digital transformation projects and guides governmental organizations through every step of the process. They develop tailor-made solutions and platforms, such as MAGDA, the central platform of the Flemish government in Belgium.

SIG and the Digitaal Vlaanderen team

The challenge: Clean and secure coding while collaborating efficiently across the organization

The government maintains a significant amount of data from authentic sources at both federal and regional levels. In Flanders, MAGDA (Maximale GegevensDeling tussen Administraties) ensures that all authorized entities have access to these sources.

The MAGDA platform facilitates the secure and smooth exchange of data, including personal data, between citizens and governmental organizations. To fulfill this aim, clean and secure coding is a must.

Managing open-source libraries

Just like most other large organizations, Digitaal Vlaanderen uses Open Source Software (OSS) in its development. While efficient and cost-effective, OSS also comes with serious security, licensing compliance, and legal risks. Digitaal Vlaanderen needs to continuously oversee security, implement a regular update process, adhere to open-source licenses, and actively engage with the communities. Furthermore, they must coordinate and manage these activities for all teams, systems, and technologies throughout the organization.

Ensuring maximum reliability, security, and privacy

For a governmental agency responsible for developing software that handles sensitive and private data, the reliability of those systems and the mitigation of security risks are of utmost importance. Digitaal Vlaanderen must continuously discover, prioritize, and resolve security vulnerabilities across its IT infrastructure and software, and ensure that they comply with the governmental KSZ minimale normen (MNM) legislation.

Optimizing the collaboration between management and development teams

Delivering exceptional products that are flexible, scalable, and future-proof is a complex challenge, especially when management and development teams can have differing perspectives. This is no different for Digitaal Vlaanderen. To overcome this, they must find a way to align business objectives with technical goals and vice versa.

“Digitaal Vlaanderen is responsible for the digital transformation of the Flemish government, providing the Magda data-sharing platform to our partners for secure sharing of personal data in digital processes. The maintainability and security of our codebase are crucial.” – Kelly Bonneure, Program Coordinator – MAGDA, Digitaal Vlaanderen

Working with Software Improvement Group

Software Improvement Group (SIG) had already worked with the Flemish government on multiple occasions, back when Digitaal Vlaanderen was still broken up into Information Flanders and the ICT department of the Facilities Department.

So, when looking for a solution to help solve these specific challenges, Digitaal Vlaanderen decided to work with SIG and its software assurance platform, Sigrid®.

Open source health insights

With Sigrid’s Open-Source Health feature, Digitaal Vlaanderen can conduct a thorough software composition analysis to directly tackle security vulnerabilities, licensing violations, and compliance issues within its libraries. This feature provides a comprehensive assessment across six key areas: known vulnerabilities, freshness, activity, stability, management, and legal licenses. It includes a benchmark-based star rating system, aligning with industry best practices and market data. Additionally, it uses CVSS scores to classify risks as low, medium, or high, enabling Digitaal Vlaanderen to quickly gauge potential impacts and prioritize resources effectively.

Secure and compliant

By diving deep into the source code, Digitaal Vlaanderen can now easily reveal hidden vulnerabilities that could compromise security or privacy. Because Sigrid offers actionable recommendations prioritized by risk, Digitaal Vlaanderen can secure its software portfolio, comply with regulations such as the KSZ minimale normen (MNM) legislation, and better apply “Privacy By Design” practices to ensure that data protection is integrated into the technology when created.

Unifying technology with business strategy

By using Sigrid’s Portfolio Objectives feature, Digitaal Vlaanderen can better align its technical roadmap with its business priorities and ensure that everyone is on the same page. Digitaal Vlaanderen can now easily set fully customizable objectives at portfolio, multi-system, or single-system levels to tailor targets based on each system’s unique characteristics.

Figure 1: A mockup visual of the Sigrid® platform

“Ensuring high-quality, secure software is crucial for any governmental organization. Working with Digitaal Vlaanderen exemplifies our dedication to helping governmental entities achieve their goals through adequate software governance.” – Luc Brandts, CEO of Software Improvement Group

“Tooling like Sigrid provides transparency, allowing us to manage our software proactively and maintain high standards. This is crucial for securely sharing personal data in our digital processes and staying ahead of potential security risks.” – Kelly Bonneure, Program Coordinator – MAGDA, Digitaal Vlaanderen

Results

With Sigrid and SIG’s IT consulting services, Digitaal Vlaanderen can visualize its architecture as-is. As a result, they have improved their security and cross-departmental collaboration.

490,000 lines of code

Digitaal Vlaanderen has a vast code base of nearly half a million lines of code, spread across 16 different technologies. By having a clear and up-to-date overview of its entire portfolio, Digitaal Vlaanderen can focus on taking prioritized actions to improve its software when and where it matters most.

Mitigated over 1,300 security risks

By continuously scanning the software portfolio, Digitaal Vlaanderen can now uncover vulnerabilities in its source code. Because SIG ranks risk by severity and impact, Digitaal Vlaanderen knows exactly which issues to tackle first, and everyone in the organization can understand the urgency of any threats. Since 2023, over 1,300 risks have been mitigated and there is clear visibility on which security findings to focus on next.

Improved IT-business alignment

By setting portfolio objectives, Digitaal Vlaanderen can better ensure its IT priorities directly support the overarching business strategy. Digitaal Vlaanderen created clear objectives that help them improve the maintainability, security, and reliability of their entire code base and mitigate the licensing and security risks of their open-source libraries. As a result, developers can work in clean systems while management can focus on delivering software systems that are reliable, user-friendly, and secure for citizens and governmental organizations.
