Cybercrime causes yearly financial damage close to $600 billion worldwide, nearly one percent of the global GDP (CSIS). This damage can certainly be reduced by producing more secure and reliable software.

Current software testing approaches are insufficient. For example, static analysis techniques produce a high rate of false positives. As a result, these approaches require security experts to manually analyze the results and identify real security issues among a large number of generated warnings. Penetration tests are done by security experts, but are only conducted irregularly and are usually separated from the development process.

The core problem for businesses is twofold: first, there are too few IT security experts, and second, testing for security and reliability issues is not sufficiently automated. Additionally, software security testing faces unique challenges in important application areas such as: