Security by Design · Proven by Test

Is your company —
and are your products — secure?

// 99% security is 100% insecurity.

SQ-Software GmbH protects your innovations, products, data and processes. As the key sales partner of Primary Target, we deliver CodeX — the patented, AI-powered platform for automated threat analysis — together with hands-on penetration testing by TestArmy and turnkey secure-development solutions.

80+satisfied customers
50+years of combined IT-security experience
20+security tools & industry solutions
Compliant with: ISO/SAE 21434EU CRANIS2DORA ISO 27001NISTOWASPIEC 62443
The Challenge

It is only a question of time before you are attacked — and your business is disrupted or destroyed.

IT systems automate mission-critical processes. Complexity is rising, regulation is tightening, and AI is making cyber attacks easier every day. Manual, spreadsheet-driven security processes can no longer keep up.

Systems

Complexity is exploding

IT systems control critical automated workflows, and their complexity keeps growing — a modern vehicle alone runs 50M+ lines of code across 60+ processors.

Regulation

Legislation threatens company survival

Since July 2024, vehicles without a completed threat analysis cannot be registered in Germany. The EU CRA mandates full compliance by December 2027 — with fines up to €15M or 2.5% of global turnover.

Threat level

AI makes attacks easier

Cyber attacks are becoming simpler and cheaper to launch — also thanks to AI. The threat level is growing across every industrial vertical.

Experts

Security specialists are scarce

Experts are expensive and hard to find. Leading Tier-1 suppliers employ entire teams just to review Excel-based TARAs — and still can't keep pace.

Tooling

Isolated point solutions

Security tools are used as disconnected island solutions — decentralised data, no access control, no versioning, error-prone manual work.

Process

Insecure, unscalable processes

The current state of manual security engineering is a liability, not a process. It cannot scale to meet today's regulatory and threat landscape.

SQ-Software GmbH evaluates your processes and integrates the best security tools into your workflows — so your innovations, products, data and processes stay protected.

Get Advice Now
Solutions · One Partner, Full Lifecycle

Secure by design. Proven by test.

Regulators now expect security to be designed in and demonstrated. SQ-Software delivers both disciplines from a single source: CodeX automates the analysis, TestArmy exercises the result.

01 · Design

Model the threats

CodeX automates threat analysis and risk assessment (TARA) while your product is still on the drawing board — auditable, versioned, reusable.

CodeX · by Primary Target — sold & delivered via SQ-Software
02 · Build

Develop securely

We set up verifiable security standards and quality rules for your software development process — for you and your suppliers — checked automatically.

SQ-Software · secure development solutions
03 · Verify

Exercise the threats

TestArmy's certified engineers attack, load and probe what you build — AI-driven penetration testing, auditing and QA — before anyone else does.

TestArmy · QA & cybersecurity testing
Flagship Offering · Design Phase

CodeX — Automated Cybersecurity for Industrial Products

A patented, AI-powered, browser-based platform that replaces insecure, manual Excel processes — cutting time-to-market by 90% and costs by 80%. Delivered on a secure blade server with HSM, or on a sovereign cloud such as Stackit or Telekom.

SQ-Software — Key Sales Partner of Primary Target
Analysis

Automated Threat Analysis

Identifies attack vectors across all software and hardware components using a database of 10,000+ threats — no scarce experts needed for routine assessments.

Risk

Risk Assessment & Visualisation

Calculates residual risk and visualises the security impact of vulnerabilities across the entire system architecture — a clear, fact-based picture for decision-makers.

Response

Automated Countermeasures

Recommends targeted countermeasures tailored to your system's configuration and risk profile — no guesswork required.

Process

Secure Development Workflow

Enforces access rights, encrypted data storage, change management and process tracking — your development process becomes a security asset.

Integration

Tool Chain Integration

Browser-based and API-ready. Integrates with your engineering, PLM and security tooling. Import architecture diagrams and electronic signal maps directly.

Scaling

TARA Reuse & Scaling

Component-level TARAs are reusable across projects and customers — up to 10× cheaper than creating new ones. Ideal for supplier networks and platform architectures.

−90%faster new TARAs — from 40–60 days to 3 days
−80%change-cycle reduction on existing TARAs
−75%staff — 1 employee replaces 4 specialists
−93%total cost — €5k vs. €75k manual
CapabilityCodeXOthers
ISO/SAE 21434 coverage80%10–15%
Threat database (10,000+ entries)120 max
Full automationPartial
Workflow management, versioning & change tracking
Combat field simulation
Security by Design + encrypted storage with HSM

⚖ European Patent PT4483EP — automated threat identification & countermeasure selection. A legally protected competitive advantage.

🚗 Automotive & Autonomous Vehicles 🎖️ Defense 🏥 Medical Devices ✈️ Aviation & Aerospace ⚓ Marine & Electric Vessels
Verification Phase · Offered through SQ-Software

TestArmy — Penetration Testing & Quality Assurance

Threats modeled are only half the story — they must also be exercised. TestArmy's Wrocław-based specialists deliver AI-driven penetration testing, auditing and quality testing of digital products, so you bring functional, secure solutions to market.

  • AI-driven penetration testingAuditing and vulnerability assessment for web, mobile and infrastructure.
  • Test automationCypress, Selenium, Appium and modern stacks.
  • Performance & functional testingFor web and mobile products under real-world load.
  • UX, accessibility & QA consultingPlus developer staff augmentation for your teams.
  • Certified credentialsISTQB Platinum Partner · ISO 9001 & ISO 27001 certified · customers in critical infrastructure, machinery, ships, arms, medical and household devices.
SQ-Software Solutions & Services

Turnkey solutions for secure software development

Beyond CodeX and TestArmy, SQ-Software markets and delivers turnkey solutions and services for software development departments — finding defects automatically and embedding security and quality rules directly into your development process.

Standards & Supply Chain

Verifiable security & quality standards

We help you establish auditable security standards and quality rules for your software development process — for your company and your suppliers — and verify them automatically.

Application Hardening

Obfuscation, signing & attack resistance

We obfuscate your executables, sign them securely and harden them against attacks — protecting your intellectual property in the field.

Voice Channel Security

Biometric identification & authorisation

For the voice channel, we integrate passive and active biometric controls for identification and authorisation — securing your customer-facing processes.

Compliance Engineering

Regulation built into the process

We integrate security and quality rules, norms and regulations — ISO 21434, ISO 27001, DORA, NIS2, EU CRA — into your development process, and optimise your workflows to run compliantly by default. Add security requirements as early as product planning and design.

Regulatory Landscape

Compliance deadlines are approaching fast

Regulations are tightening across all industrial sectors. Our solutions make sure you're ready — today, and for future updates to the regulatory framework.

EU Cyber Resilience Act (CRA)

Applies to all products with digital elements sold in the EU. Mandatory vulnerability reporting from September 2026; full compliance by December 2027. Fines up to €15M or 2.5% of global annual turnover.

⏰ Sept 2026 — Dec 2027

ISO/SAE 21434 & UN R155

The automotive cybersecurity standard, now enforced by law in Germany and across the EU. OEMs mandate compliance throughout their supply chain; vehicle registration requires a completed TARA.

⏰ In effect — July 2024

NIS2 Directive

Expanded critical-infrastructure cybersecurity across the EU — automotive, energy, health, transport and manufacturing. Requires risk-management measures and incident reporting.

⏰ In effect — Oct 2024

DORA

The EU's Digital Operational Resilience Act imposes strict ICT risk-management, testing and reporting obligations on the financial sector and its technology suppliers.

⏰ In effect — Jan 2025

IEC 62443 & EU MDR / FDA

The core standards for industrial automation and control-system security, plus medical-device cybersecurity requirements throughout the device lifecycle.

⏰ Industry standard / in effect

DO-326A & EASA

Aviation cybersecurity airworthiness process standard — required for new type certifications and major modifications to aircraft and avionics.

⏰ Certification requirement
About Us

Security & Quality Software GmbH

SQ-Software GmbH is a German IT-security company based in Ismaning near Munich. We support companies in protecting their key innovations, products, data and processes — evaluating workflows and integrating the best security tools into daily operations.

We market and distribute turnkey solutions and services for software development departments: automated defect detection, secure development processes, application hardening, voice biometrics — and compliance with ISO 21434, ISO 27001, DORA, NIS2 and the EU CRA, integrated directly into the development process.

80+satisfied customers
50+years of IT-security experience
20+security tools & industry solutions
Strategic Partnership

Key Sales Partner of Primary Target GmbH

SQ-Software is the most important sales partner of Primary Target GmbH, the Munich-based developer of the patented, award-winning CodeX platform for automated threat assessment and risk analysis.

Through this partnership — and our cooperation with the TestArmy Group — our customers get security across the full product lifecycle from a single, local point of contact: consulting, licensing, implementation, integration and testing.

🏆 CodeX: Best Cybersecurity Technology 2023 (Handelsblatt Group, Fraunhofer ISI & Capgemini) · 🥈 E-Mobility Startup Award 2023 (Porsche & Baden-Württemberg) · 🏅 German Startup Pokal 2024, 2nd place

Information

News, Events & Background

Stay up to date with the latest developments at SQ-Software and our partners — from company background and news to upcoming events and official press releases.

About SQ-Software & the Partnership

SQ-Software GmbH (Security & Quality Software GmbH) is an IT-security company based in Ismaning near Munich. We help companies establish verifiable security standards and quality rules for their software development process — for themselves and their suppliers — and verify them automatically.

As the key sales partner of Primary Target GmbH, we market CodeX: a patented, AI-powered platform for automated threat assessment and risk analysis (TARA) of industrial products. Following the principle of Security by Design, CodeX replaces insecure, manual Excel-based processes with a fully automated, auditable workflow — serving the Automotive, Defense, Medical, Aviation and Marine markets, and supporting compliance with ISO/SAE 21434, the EU CRA, NIS2, DORA, NIST and OWASP.

Get Started

Request a demo or a consultation

See CodeX in action, scope a security test with TestArmy, or get advice on your secure development process. Select your topic and we'll tailor the conversation to your specific use case — usually within one business day.

Address

SQ-Software GmbH
Freimanner Str. 14
85737 Ismaning, Germany

⚡ Quick Start Options
  • Request the White Paper on TARA automation
  • Schedule a 30-minute discovery call
  • Proof of concept with your real TARA data
  • Scoped test plan from TestArmy's engineers