From Complexity to Clarity: Understanding your Software Product Health
Jan-Niclas Strüwer - Fraunhofer IEM, Institute for Mechatronic Systems Design

Software and software development are becoming more complex every day, and being able to easily assess, understand, and communicate the current state of your software products is crucial. This task is further complicated by the fact that an increasing number of stakeholders with diverse, possibly non-technical, backgrounds must understand certain aspects of your software.
In this talk, we will first give an overview of the challenges in assessing and communicating the current state of a software product to different stakeholders. To this end, we introduce the term software product health: an aggregation of information about a product's security, quality, sustainability, and compliance. Afterwards, we demonstrate how we have developed the Software Product Health Assistant (SPHA) as an open-source tool that automatically assesses a product's health score and communicates it effectively to decision-makers, while enabling developers to take action based on the score.
Our listeners will learn how to benefit from combining data from different tools that already exist within their development process to generate new insights. To this end, we introduce two exemplary KPIs that highlight the possibilities created by combining data from different phases of the development process. First, we demonstrate how to enrich vulnerability information by integrating vulnerability scanner results with insights from threat models. This combination supports the vulnerability management process and makes the triage of discovered vulnerabilities easier. Second, we demonstrate how to use data from version control systems to identify potential issues with your software development process. To this end, we analyze the configuration of the version control system and compare it with how developers actually work. Differences between the configured policies and the observed behaviour can hint at problems in the development process.
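To make the two KPIs concrete, the following is an added example written for this page; it is not SPHA's code and does not use its data formats. It assumes a constructed scanner report (component name plus CVSS score), a constructed threat-model table that records each component's exposure, a constructed branch-protection policy, and a constructed commit history. The first KPI scales a finding's CVSS score by the exposure of the affected component and flags components the threat model does not know about; the second KPI lists commits on a protected branch that bypassed the configured review policy.

```python
"""Added example (not SPHA's own code): two toy product-health KPIs.

KPI 1 re-ranks scanner findings by threat-model exposure.
KPI 2 compares a branch-protection policy with the observed commit history.
All input data below is constructed for illustration.
"""

# --- Constructed input: vulnerability scanner findings ----------------------
FINDINGS = [
    {"id": "VULN-A", "component": "web-frontend", "cvss": 7.5},
    {"id": "VULN-B", "component": "batch-job", "cvss": 9.8},
    {"id": "VULN-C", "component": "api-gateway", "cvss": 5.3},
    {"id": "VULN-D", "component": "legacy-tool", "cvss": 4.0},  # not in threat model
]

# --- Constructed input: exposure per component, taken from a threat model ---
THREAT_MODEL = {
    "web-frontend": {"internet_facing": True, "handles_pii": True},
    "api-gateway": {"internet_facing": True, "handles_pii": False},
    "batch-job": {"internet_facing": False, "handles_pii": False},
}

# --- Constructed input: VCS policy and what developers actually did ---------
BRANCH_POLICY = {"main": {"required_approvals": 1, "allow_direct_push": False}}

COMMITS = [
    {"sha": "c1", "branch": "main", "via_pull_request": True, "approvals": 2},
    {"sha": "c2", "branch": "main", "via_pull_request": False, "approvals": 0},
    {"sha": "c3", "branch": "main", "via_pull_request": True, "approvals": 0},
    {"sha": "c4", "branch": "feature/x", "via_pull_request": False, "approvals": 0},
]


def exposure_factor(exposure):
    """Hypothetical weighting: internal components without sensitive data are
    down-weighted, internet exposure and personal data raise the weight."""
    factor = 0.6
    if exposure.get("internet_facing"):
        factor += 0.4
    if exposure.get("handles_pii"):
        factor += 0.3
    return factor


def prioritize_findings(findings, threat_model):
    """KPI 1: return findings sorted by CVSS adjusted for threat-model exposure.

    A component missing from the threat model keeps its raw CVSS (factor 1.0)
    and is flagged, because a model gap is itself a finding for the team.
    """
    ranked = []
    for f in findings:
        exposure = threat_model.get(f["component"])
        factor = exposure_factor(exposure) if exposure is not None else 1.0
        ranked.append({
            "id": f["id"],
            "component": f["component"],
            "adjusted": round(min(10.0, f["cvss"] * factor), 2),
            "modelled": exposure is not None,
        })
    return sorted(ranked, key=lambda r: r["adjusted"], reverse=True)


def policy_violations(policy, commits):
    """KPI 2: commits on protected branches that contradict the configured policy."""
    violations = []
    for c in commits:
        rules = policy.get(c["branch"])
        if rules is None:
            continue  # branch is not governed by any policy
        if not c["via_pull_request"] and not rules["allow_direct_push"]:
            violations.append((c["sha"], "direct push to protected branch"))
        elif c["via_pull_request"] and c["approvals"] < rules["required_approvals"]:
            violations.append((c["sha"], "merged with fewer approvals than required"))
    return violations


def process_compliance_ratio(policy, commits):
    """Share of governed commits that followed the policy (1.0 = fully compliant)."""
    governed = [c for c in commits if c["branch"] in policy]
    if not governed:
        return 1.0
    return round(1 - len(policy_violations(policy, commits)) / len(governed), 2)


if __name__ == "__main__":
    for r in prioritize_findings(FINDINGS, THREAT_MODEL):
        print(r)
    print(policy_violations(BRANCH_POLICY, COMMITS))
    print(process_compliance_ratio(BRANCH_POLICY, COMMITS))
```

In the constructed data the batch job's 9.8 finding drops below the internet-facing frontend's 7.5 once exposure is taken into account, which is the kind of re-ordering that helps triage; the unmodelled component is surfaced rather than silently scored. The commit check reports one direct push and one under-reviewed merge, giving a compliance ratio of 0.33 for the protected branch.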
Co-author:
- Benedict Wohlers, Fraunhofer IEM, Institute for Mechatronic Systems Design
Short Bio:
Jan-Niclas Strüwer is a Research Associate and Business Developer at Fraunhofer IEM in Paderborn. For more than 8 years he has been working on the topics of software architecture, software security, and automated quantification of software. In 2022, he graduated from the Software Campus development program for future IT executives. In his PhD he focuses on automatically quantifying and predicting cybersecurity risk. In his work as Business Developer, he focuses on bringing the technical results of his research into industry. There his focus is the Software Product Health Assistant (SPHA), a fully automated tool suite to assess and communicate a product's overall health.