Practical Security-by-Design Guidance for SaaS Teams

SECDES helps small and midsize software companies strengthen secure software development without slowing down delivery. Companies building Software-as-a-Service products face a difficult mix of architectural complexity, cloud deployment models, third-party integrations, and continuous release pressure, which makes it easy for security to be postponed until late in development.

At the same time, customers, partners, and regulators increasingly expect clear evidence that software is designed, tested, and maintained securely. SECDES turns research in secure software engineering into events, materials, tooling guidance, and reporting practices that smaller teams can actually use.

Audience

SaaS SMEs

Built for smaller software teams that need practical security improvements, not heavyweight process.

Approach

Applied research

We translate strong security engineering practices into formats teams can actually adopt.

Coverage

3 workstreams

The project combines knowledge transfer, practical tooling, and security reporting.

Project scope

Helping companies build security into product decisions.

Companies that develop Software-as-a-Service solutions deal with complex architectures, integrations, and cloud-native deployments. Those realities make security harder to reason about and easier to postpone. SECDES addresses that gap by lowering the barrier to secure software design, testing, and evidence gathering.

Customers are also more alert to software risk, data protection, and supply-chain exposure, while frameworks such as NIS2 and the Cyber Resilience Act raise the bar for showing how products are secured. For small and midsize companies, that creates a clear gap between what is expected and what is feasible with limited in-house security expertise.

The project is especially relevant for software companies in Flanders that want stronger application security practices but do not have large dedicated security teams.

Core topics

A focused program around secure software development.

Threat modeling, Secure SDLC, API security, Security testing, SBOM and supply chain, Security reporting

SECDES makes advanced methods from security engineering more accessible and more practical. The project focuses on lightweight, cost-effective approaches that help companies design, test, and explain the security of their products in ways that fit real engineering work.

The goal is not only better protection. It is also stronger competitiveness, faster time-to-market, and more credible conversations with customers, partners, and regulators.

Why this matters now

Smaller software teams are under growing pressure to show how security is built into the product.

SECDES exists to help teams respond to rising customer expectations, stronger regulatory attention, and the practical reality of limited internal security capacity.

Security expectations are rising

Customers increasingly ask for evidence that software is built and operated with strong security practices. Many SaaS companies face that expectation before they have the internal structure to answer it well.

Regulation adds pressure

Frameworks such as NIS2 and the Cyber Resilience Act have made secure development, supply-chain awareness, and security evidence more visible business concerns.

Practical answers are needed

SECDES focuses on approaches that respect limited time, limited staff, and the need to keep shipping product while steadily improving security maturity.

Three workstreams that connect research to implementation.

The project covers the full path from insight to action: understanding secure development practices, selecting effective tools, and documenting decisions so teams can demonstrate security maturity.

01. Knowledge buildup and translation

Threat modeling, application security engineering, and secure software development are often documented for large organizations, not lean SaaS teams. SECDES translates those methods into practical guidance, examples, and case studies that fit smaller product organizations.

02. Practical tooling

The project compares approaches, explains trade-offs, and highlights tools that can support secure design, testing, and verification in realistic SaaS environments. The goal is to reduce adoption friction and help teams make informed tooling choices.

03. Documentation and reporting

Security work only becomes valuable to customers, auditors, and stakeholders when teams can explain it clearly. SECDES helps companies structure design decisions, evidence, and reporting so they can communicate maturity with confidence.

What participants get

Practical outcomes for participating teams.

Design with security in mind from the start

Learn how to think about architecture, trust boundaries, and risks early enough to influence product decisions.

Choose tools that fit your context

Understand where scanning, testing, and threat modeling tools help, and where they create unnecessary friction.

Prepare for customer and regulatory scrutiny

Build the reporting discipline needed for conversations around NIS2, supply chain security, and secure development expectations.

Move faster with stronger confidence

Security by design should support delivery, not stall it. The project focuses on approaches that work for smaller teams.

Next steps

Start with the materials that fit your team today.

Whether you are exploring threat modeling, secure development processes, API security, SBOM practices, or pentesting preparation, the SECDES deliverables are designed to help you move from awareness to implementation.

SecDes

Security by design, translated into practical guidance for software teams.

© 2024-2026 SECDES. All rights reserved.

Project

Led by Sirris and DistriNet, with support from VLAIO. The project focuses on helping smaller software companies turn secure software development into repeatable practice.
