

The evolution of software security
Over the past twenty years, cyber threats have increased significantly. Take, for example, the OWASP Top 10, a list of common web application vulnerabilities that has continued to grow since 2004. Some risks have been reduced over the years. CSRF (Cross-Site Request Forgery), an attack in which a malicious site tricks a victim's browser into performing unintended actions on a website where the victim is logged in, was once a major problem. Fortunately, modern web browsers and web application frameworks have effectively mitigated this risk. Many other security issues, however, persist. This shows that good security goes beyond using a few tools or temporary fixes: it requires constant attention, expertise and a structured approach at every stage of software development.
Of course, tools like SAST (Static Application Security Testing) and AI assistants like GitHub Copilot help build secure software faster. But without the right mindset and a sound process, vulnerabilities will always remain. Security is a culture that must be deeply rooted in every development team.
What is the “Grip on Secure Software Development” framework?
At Blis Digital, we have been working with the “Grip on Secure Software Development” (SSD) framework for years. This framework, developed by the Center for Information Security and Privacy Protection (CIP), helps companies make software secure. Although the framework is no longer being actively updated, the core principles are still up to date and valuable.
The SSD framework is built around three pillars:
- Contact moments: Fixed moments during the development process to evaluate and adjust security.
- Standard security requirements: A set of requirements that serves as the basis for any software development.
- Control over SSD processes: Processes to track risks, keep security requirements up to date and improve the team's security approach.
This framework provides a convenient structure without restricting the way we work. It helps us find the right balance between security and flexibility.
I'll explain the three pillars in more detail below.
1. Contact moments: Security always on the agenda
At Blis Digital, we build security in from the start of every project. We follow five fixed contact moments to ensure that the software meets all requirements:
- Setting security requirements: Before writing a single line of code, we analyse the risks and set security requirements.
- Code reviews: Regular code checks to find vulnerabilities early.
- Security tests: During the project, we carry out security tests to verify that the software meets the requirements.
- Acceptance of risks: Sometimes not all security requirements can be implemented immediately. In that case, we discuss which risks are acceptable.
- Pentesting: Before the software goes into production, we perform penetration tests to check for vulnerabilities.
2. Standard Security Requirements: A basis to build on
By using standard security requirements in projects, we create consistency and don't have to reinvent the same measures over and over again. Our baseline includes standards and best practices such as OWASP ASVS (Application Security Verification Standard) and ISO/IEC 27002, which help us build security into the design of our software from the start. For example, OWASP ASVS helps us prevent common vulnerabilities such as SQL injection, where an attacker smuggles malicious SQL into a query through untrusted input. ISO/IEC 27002, in turn, provides guidelines for topics such as access control and security training for employees.
A secure development environment is just as important as security in the software itself, because it ensures that our developers work on a reliable product in a controlled and protected environment.
In addition, we use a classification system based on Availability, Integrity and Confidentiality (BIV, the Dutch abbreviation for these three criteria). This helps us select the right measures based on the sensitivity of the data and the impact of the software.
3. SSD Processes: Process Management and Continuous Learning
Security is not a static goal, but an ongoing process. The SSD processes at Blis Digital are aimed at improving how we work. We carry out regular risk analyses and keep our security requirements up to date by monitoring new threats. Our processes are structured to take our organization to a higher level of maturity, as described in the Capability Maturity Model (CMM), a framework that helps assess the maturity of processes within an organization.
An important part of this is the regular execution of Business Impact Analyses (BIA) and Privacy Impact Analyses (PIA). By performing these analyses periodically, we ensure that we continuously comply with both our security requirements and legal requirements, such as the GDPR. This enables us to identify and address security risks and privacy issues in a timely manner, keeping our approach always up to date.
Security starts with common sense
While tools like SAST and DAST (Dynamic Application Security Testing) help us technically verify security requirements, the core of good security lies in a thorough risk assessment and common sense. Sometimes, the simplest solution, such as minimizing data storage, can be the most effective. For example, a seemingly harmless function such as exporting data to Excel can unintentionally lead to data leaks if that data ends up on multiple computers.
Conclusion: Security as a core value
At Blis Digital, we understand that the digital world is full of risks, but we also see it as our responsibility to make those risks manageable. By developing secure software, we ensure that our customers can focus on their core activities without worrying about security issues.
Security isn't a sprint, it's a marathon. With a structured approach such as SSD, we ensure that we can continue to develop secure software step by step, with the right tools, in a secure environment and with common sense. Because to develop software securely, you have to develop secure software.
Want to know more?
Want to know more about Secure Software Development? Then feel free to contact us. We'd love to tell you more about it. You can already read more about how we modernize software.