---

---

04.05.2026 14:37

No More Blind Trust in Software

Michael Lindner Presse
Agentur für Innovation in der Cybersicherheit GmbH

No More Blind Trust in Software
3S aims to make software security transparent, measurable, and comparable for end users
On April 28, 2026, the Agentur für Innovation in der Cybersicherheit GmbH (Cyberagentur) published the call for proposals for the “Software Security Score (3S)” research program. The program’s aim is to make software security transparent, measurable, and comparable. A virtual partnering event held in the run-up to the call had already generated significant interest and demonstrated that there is a high demand in academia and industry for viable solutions for the systematic evaluation of software security.

With the published call for proposals, the Cyberagentur is moving the “Software Security Score (3S)” research program into its next phase. Interested parties from academia, industry, and the startup ecosystem can apply to participate by June 11, 2026.
3S aims to move software security away from the realm of abstract quality seals and individual criteria that are difficult to compare, and to translate it into a comprehensible, reproducible, and broadly applicable evaluation framework. The focus is on developing a novel metric that will allow security-relevant properties of software to be systematically captured and consolidated into a comprehensible score. The goal is to ensure that software security is no longer described only in isolated instances or symbolically, but rather made subject to differentiated and effective evaluation.

The background to the research program is the growing pervasiveness of software in everyday life. Whether in banking applications, mobile services, or connected devices in the home environment: for users, it often remains unclear how secure an application actually is. This lack of transparency complicates decision-making as well as the enforcement of end-users’ legitimate interests. 3S addresses precisely this vulnerability and aims to make security a more tangible, verifiable property of digital products and to contextualize it in relation to the intended use case.

The underlying concept of security is deliberately broader than in many existing certification and labeling approaches. In this research program, security is not understood as a static state, but as a dynamic process that arises from the usage context, system environment, interaction with other software and hardware, and the entire lifecycle of a product. The planned Software Security Score must consolidate these factors in a way that is both technically robust and adaptable to different application contexts. Additionally, it is intended that parts of the assessment be comprehensible or verifiable by users themselves.
The program’s disruptive potential lies in overcoming binary security logics. While conventional seals and certificates often allow only limited statements, 3S is intended to enable a graded, transparent, and robust classification of software security. This not only provides users with greater clarity but also serves as a strategic impetus for manufacturers to integrate security into development processes earlier, more systematically, and in a more transparent manner.

Even prior to the call for proposals, the Cyberagentur had held a virtual partnering event on February 5, 2026. The event had met with a great response. Researchers, companies, startups, and other stakeholders from academia and industry had taken the opportunity to exchange views at an early stage on the program’s objectives, key focus areas, and framework conditions. At the same time, the event served to facilitate structured networking among potential participants and to initiate potential bidding consortia. The high level of interest underscored that there is a significant need for new, scientifically sound methods for evaluating software security and that there is broad-based willingness to implement such approaches in practice.

“With 3S, we addressed a central structural problem in the digital society: software security has so far been largely opaque to many users, often insufficiently comparable for manufacturers, and only limitedly representable in the market. The verifiability of the score is based on a seamless chain of custody that documents all underlying data, analysis processes, and evaluation steps in a traceable and verifiable manner. The significant interest even prior to the call for proposals clearly demonstrated that there is an enormous need for a robust, quantitatively comparable evaluation—and that, at the same time, there is a high level of willingness to translate such approaches into concrete technical solutions,” said Lars-Martin Knabe, Research Officer for a Secure Society at the Cyberagentur.

With this call for proposals, the Cyberagentur provided further impetus for research at the intersection of technological excellence, digital sovereignty, and practical applicability. The 3S research program was intended to contribute not only to a better understanding of software security but also to making it more effective, transparent, and comparable in everyday digital life.

The call for proposals was published on e-Vergabe under contract notice number CAEU-WD/2026-015 (https://www.evergabe-online.de/tenderdetails.html?0&id=855455). The deadline for submissions is June 15, 2026, at 11:00 a.m. Interested research institutions, companies, and startups can express their interest in participating immediately. Participation is possible both individually and as part of a consortium.

Further information:

https://www.cyberagentur.de/programme/3s
https://www.cyberagentur.de/presse/sicherheitsluecken-wachsen-schneller-als-der-...

Contact:

Agency for Innovation in Cybersecurity GmbH
Große Steinstraße 19
06108 Halle (Saale)
Michael Lindner
Press Officer
Phone: +49 151 44150 645
Email:presse@cyberagentur.de

Background: Cyberagentur

The Agentur für Innovation in der Cybersicherheit GmbH (Cyberagentur) was founded in 2020 by the German Federal Government as a wholly owned in-house entity of the German Federal Government under the joint leadership of the German Federal Ministry of Defence and the German Federal Ministry of the Interior and Community, with the aim of adopting an application-strategy-oriented and interministerial perspective on internal and external security in the field of cybersecurity. Against this backdrop, the work of the Cyberagentur is primarily aimed at the institutionalized implementation of highly innovative projects that carry a high risk with regard to achieving their objectives but, at the same time, have the potential to cause significant disruption if successful.

The Cyberagentur is an integral part of the National Security Strategy of the Federal Republic of Germany.

The Cyberagentur is led by Prof. Dr. Christian Hummert as Scientific Director and Bettina Bubnys as Commercial Director.

---

Wissenschaftliche Ansprechpartner:

Lars-Martin Knabe, Research Officer Trustworthy technical value chains

---

Originalpublikation:

https://www.cyberagentur.de/en/press/schluss-mit-blindem-softwarevertrauen/

---

Weitere Informationen:

https://www.cyberagentur.de/en/programs/3s/
https://www.cyberagentur.de/en/press/sicherheitsluecken-wachsen-schneller-als-de...

---

<
With 3S, the Cyberagentur aims to make software security transparent, measurable, and comparable for ...
Quelle: magnific/Cyberagentur
Copyright: Cyberagentur

---

Merkmale dieser Pressemitteilung:
Journalisten, Studierende, Wirtschaftsvertreter, Wissenschaftler
Informationstechnik, Mathematik, Physik / Astronomie, Wirtschaft
überregional
Forschungsprojekte, Organisatorisches
Englisch

---