SecDes - Security by Design Collective Research Project

Coock+ project SecDes

Researching how SaaS-teams can adopt security by design while keeping their velocity.

The SecDes project (in full By-Design Cybersecure Digital Products) focuses on companies that are building SaaS solutions. These companies, often small or medium-sized, are increasingly using complex software architectures within their products. Integrating effective security measures within these complex architectures is a difficult task. The risks of incidents and data breaches are real.

At the same time, many SaaS companies are feeling increasing pressure from the market, driven by legislation such as NIS2 and the European Cyber Resilience Act to demonstrate that their software is secure enough to manage their customers' often critical data.

The goal of this project, initiated by KULeuven DistriNet and SIRRIS and supported by VLAIO, is to help SaaS companies improve the security of their digital products, even if they have limited cybersecurity experience.

Focus of the project

Knowledge Buildup and Translation

Recent research results from the fields of threat modelling, application analysis and fuzzing will be translated into relevant bleuprints and case studies for the target group.

Practical Tooling

The project will evaluate how tooling can support SaaS teams in maintaining a security-by-design posture.

Documentation & Reporting

The project will evaluate how SaaS-teams can leverage investments in security-by-design towards their customers, as proof of their trustworthiness.

Partners

DistriNet is a KU Leuven research group embedded in the Department of Computer Science, and is part of the imec-KU Leuven Security and Privacy Center. The scope of DistriNet’s research is twofold: ICT security with an emphasis on secure software, secure systems, and software engineering for security, and distributed systems. DistriNet’s knowledge and expertise in these domains resulted in a strong international position in the domains of secure software, systems and services, and in security & privacy engineering.

Sirris is the collective knowledge centre of the Belgian technology industry that has more than 2,500 member companies and employs 140 experts. The implementation of this project will be done by the Sirris Software Engineering Lab, which supports companies in building secure software solutions. The lab has already been active for several years in the field of security and privacy and has a proven track record of industrial valorisation of research results and support of innovations/implementations of innovative solutions in companies.

The Agency for Innovation and Entrepreneurship (VLAIO) is a governmental organisation of the Flemish government for all entrepreneurs in FLanders. The mission of VLAIO is to stimulate and support innovation and entrepeneurship and to contribute to a favorable business-climate in Flanders.