If you ever tried to enforce a network policy in a large data center, i.e., needed to configure the different firewalls and routers, you will agree that this is a tedious and error-prone task. This is even more true, if you need to maintain and change those policies over a long period of time. Understanding, the actual policy enforced in a non-trivial network setup (e.g., a data center with multiple fall-back connections) is even harder.

One way of ensuring that important security (access control) properties of a network are true and are not changed during reconfiguration is testing. We developed a specification-based (model-based) testing approach for network policies that allows to represent network policies in a high-level language, to optimize the policies, and to generate test cases that can directly be executed in a real-world network.

After eight years of innovating and driving security at SAP SE and helping the SAP development organization to become great in software security (guys at SAP, you are doing a great job!), it is time for new challenges: I am making a “double move”, first, from industry to academia and, second, from Germany to the UK.

Everybody developing software should, in fact, accept the challenge to develop secure software. This is not an easy challenge: it requires an end-to-end security development life-cycle (SDLC) that nicely integrates with your software development processes.