3S aims to make software security comprehensible, measurable and comparable for end users
The Agentur für Innovation in der Cybersicherheit GmbH (Cyberagentur) published the call for proposals for the “Software Security Score (3S)” research program on 30 April 2026. The aim of the program is to make software security traceable, measurable and comparable. A virtual partnering event had already generated a great deal of interest in the run-up to the event and showed that there is a high demand in science and industry for viable solutions for the systematic assessment of software security.
With the published call, the Cyberagentur is taking the “Software Security Score (3S)” research program to the next phase. Interested stakeholders from science, industry and the start-up ecosystem can apply to participate until June 11, 2026.
3S aims to take software security out of the realm of abstract seals of approval and individual criteria that are difficult to compare and transfer it into a comprehensible, reproducible and widely applicable evaluation logic. The focus is on the development of a new type of metric with which security-relevant properties of software can be systematically recorded and combined into a comprehensible score. The aim is no longer to describe software security only selectively or symbolically, but to make it differentiated and effectively assessable.
The background to the research program is the growing penetration of software in everyday life. Whether in banking applications, mobile services or networked devices in the home, it is often unclear to users how secure an application actually is. This lack of transparency makes decisions difficult, as does the enforcement of the legitimate interests of end users. 3S addresses precisely this weak point and aims to make security more tangible as a verifiable property in digital products and to put it in relation to the desired use case.
The underlying concept of security is deliberately broader than in many existing certification and labeling approaches. In the research program, security is not understood as a static state, but as a dynamic process that results from the context of use, the system environment, the interaction with other software and hardware and the entire life cycle of a product. The planned software security score must combine these factors in a form that is both technically robust and suitable for different application contexts. In addition, it is intended that parts of the assessment should be comprehensible or verifiable for users themselves.
The disruptive potential of the program lies in overcoming binary security logic. While conventional seals and certificates often only allow limited statements, 3S is intended to enable a graduated, transparent and reliable classification of software security. This not only provides users with guidance, but also provides a strategic impetus for manufacturers to integrate security into development processes earlier, more systematically and more comprehensibly.
The Cyberagentur had already held a virtual partnering event on February 5, 2026 in the run-up to the tender. The event was very well received. Researchers, companies, start-ups and other stakeholders from science and industry took the opportunity to discuss the program’s objectives, focus areas and framework conditions at an early stage. The event also served as a structured networking opportunity for potential participants and the initiation of possible bidding consortia. The high level of interest underlined that there is a considerable need for new, scientifically viable methods for evaluating software security and that there is a broad-based willingness to implement corresponding approaches in practice.
“With 3S, we addressed a central structural problem of the digital society: software security has so far been barely transparent for many users, often not sufficiently comparable for manufacturers, and only limited in its effectiveness for the market. The verifiability of the score is based on a seamless chain of custody that documents all underlying data, analysis processes and evaluation steps in a comprehensible and verifiable manner. The high level of interest in the run-up to the tender clearly showed that there is an enormous need for a reliable, quantitatively connectable assessment – and that there is also a great willingness to translate such approaches into concrete technical solutions,” said Lars-Martin Knabe, Research Officer for Secure Society at the Cyberagentur.
With this call for proposals, the Cyberagentur provided further impetus for research at the interface of technological excellence, digital sovereignty and practical applicability. The 3S research program should not only contribute to a better understanding of software security, but also make it more effective, transparent and comparable in everyday digital life.
The invitation to tender was published on e-Vergabe with the contract notice number CAEU-WD/2026-015(https://www.evergabe-online.de/tenderdetails.html?0&id=855455). The deadline for participation is 15.06.2026 11:00 am. Interested research institutions and companies as well as start-ups can register their participation with immediate effect. Participation is possible both alone and in a consortium.
Further information and registration:
https://www.cyberagentur.de/programme/3s
https://www.cyberagentur.de/presse/sicherheitsluecken-wachsen-schneller-als-der-code/