Software Improvement Group

Looking back on Enlit Europe last week in Bilbao 🇪🇸 Energizing conversations, sharp insights, and the chance to connect with leaders driving the future of the energy sector. One theme came through clearly: as AI adoption accelerates, its interdependence with rising energy demand is becoming impossible to ignore. The sector is at the start of a pivotal shift, and it was inspiring to discuss how organizations can harness AI safely, responsibly, and at scale. Thanks to everyone who stopped by, and to all the orgs at the Dutch Pavilion for creating such a great atmosphere. We're looking forward to continuing the conversation. Discover SIG for Power & Utilities: https://lnkd.in/eN-n9bw2

If you’ve read Dune 📖 , the name Shai-Hulud might ring a bell. However, we’re not talking about the giant sandworms from the books or the recent films; that’s just where this malware worm got its name. So, what is Shai-Hulud 2.0? It’s a fast-spreading piece of malicious code that recently slipped into popular open-source building blocks many JavaScript teams reuse. Pull one of those blocks, and the malware can try to steal access keys, post them publicly on GitHub, and—in the worst case—attempt to wipe files. It also copies itself, which helps it spread quickly, which is why the Dune reference is so fitting. Not just because the sandworms are terrifying and virtually indestructible, but because the name Shai-Hulud is derived from the Arabic (شيء خلود (šayʾ khulūd) and roughly translates to "thing of immortality"—a nod to something that tries to live on by replicating itself. What's happened? On November 24, 2025, Shai-Hulud 2.0 was identified as a self-replicating npm worm that backdoored 796 legitimate open source library packages (about 20 million weekly downloads). Instead of infecting a single package, it can jump to others, accelerating its spread across teams and tools. According to cybersecuritynews.com it has compromised nearly 1,200 organizations, including major banks, government bodies, and Fortune 500 technology firms. How can you check if you’ve been affected—or prevent this in the future? Our IT portfolio governance platform, Sigrid®, helps you stay ahead. Its Open Source Health gives you a clear view of open-source vulnerabilities, license compliance, and legal risks across your software landscape—so you can see where to act first. In addition, with Sigrid CI for Open Source Health, your development teams will receive an alert in their pipeline as soon as an open source vulnerability is present. Spot threats before they spot you: https://lnkd.in/enW3ZcAv #ShaiHulud #OpenSource #Cybersecurity #Dune

In public-sector IT, credibility comes from quality. That’s why Stichting Beheer ICT Rechtshandhaving (SBIR) set out to raise the standard for public-sector software across the Caribbean. In collaboration with Software Improvement Group, SBIR moved from opinion to independent, evidence-based insight. After an initial Software Risk Assessment, they adopted Sigrid® to create a consistent, measurable standard for software quality and long-term health. What changed? SBIR gained: ‣ Clear visibility into maintainability, security, and architecture ‣ Recommendations grounded in international standards ‣ Independent validation that strengthened credibility ‣ A shared quality baseline across vendors and islands As Hans Schreuder MA, Managing Director of the Board put it: “𝘞𝘪𝘵𝘩 𝘚𝘪𝘨𝘳𝘪𝘥, 𝘪𝘵’𝘴 𝘮𝘰𝘳𝘦 𝘷𝘪𝘴𝘪𝘣𝘭𝘦 𝘸𝘩𝘢𝘵 𝘸𝘦’𝘳𝘦 𝘵𝘢𝘭𝘬𝘪𝘯𝘨 𝘢𝘣𝘰𝘶𝘵 […] 𝘞𝘦 𝘤𝘢𝘯 𝘴𝘦𝘦 𝘸𝘩𝘢𝘵’𝘴 𝘨𝘰𝘪𝘯𝘨 𝘸𝘳𝘰𝘯𝘨, 𝘸𝘩𝘢𝘵’𝘴 𝘨𝘰𝘪𝘯𝘨 𝘸𝘦𝘭𝘭, 𝘢𝘯𝘥 𝘸𝘩𝘢𝘵 𝘯𝘦𝘦𝘥𝘴 𝘰𝘶𝘳 𝘢𝘵𝘵𝘦𝘯𝘵𝘪𝘰𝘯. 𝘞𝘦 𝘢𝘳𝘦 𝘮𝘰𝘳𝘦 𝘪𝘯 𝘤𝘰𝘯𝘵𝘳𝘰𝘭.” Thanks so much to Hans Schreuder MA and Joel Sanches for the collaboration! 🔗 Discover the full success story here: https://lnkd.in/ee-XkvTj

Organizations increasingly rely on software but often struggle to manage its complexities. Cyber security is a big topic, but despite widespread awareness of increasing risks, the majority of board members don't regularly interact with their Chief Information Security Officer. Real control requires a shared understanding. It's critical for IT and business to speak the same language. Do you know how secure your software is? What if you could track your security posture without needing an engineering degree? With Sigrid®'s management dashboard you get a detailed overview of vulnerabilities, severity ratings, changes over time, and other key trends, all in a board-friendly overview. It's time to shift up. Start bridging the gap between tech and business strategy: https://lnkd.in/eXV45-nq

Today, AI-assisted coding is everywhere. 84% of developers are already using or planning to use AI tools. While large language models (LLMs) can increase developer output by 26%, separate experiments show experienced engineers may actually slow down by 19% when reworking flawed AI-generated code. Why? LLMs make suggestions based on patterns in their training data. They're trained on market-average code and rely on associative, pattern-based reasoning, which makes them fast but not always accurate. The takeaway: productivity gains are real only if quality and security controls keep pace. What if you could bring enterprise-grade control to every line of AI-generated code? That’s where Sigrid® MCP comes in. Sigrid MCP brings enterprise-grade checks directly into the IDE, giving teams real-time insight into maintainability and security issues so you can govern what the AI produces and turn AI-assisted development into a controlled, auditable and quality-driven process. 🔗 Explore MCP : https://lnkd.in/erP6EVnw

In a joint proof of concept, Software Improvement Group and Progress Software proved that with the right quality and security guardrails, AI-generated code can be fast, safe, and production-ready. “With quality and security checks built right into the workflow, developers can generate code, review it, and fix issues instantly—without ever leaving the IDE.” —Stephan Leferink, SVP Global Sales, Application and Data Platform, Progress A new whitepaper from Progress details how combining AI coding assistants with the Sigrid® MCP server unlocks speed without compromise. Key results from the joint POC include: ✔️ Reduced average maintainability violations from five to zero. ✔️Flagged security misconfigurations directly within the IDE. ✔️ Spent no more than mere seconds on manual checks, instead of hours reworking faulty code. ✔️ Estimated savings of up to €2.25 million in maintenance costs per system, per year. “AI is a powerful tool—but it needs oversight. With the Sigrid MCP server, developers can trust what the assistant produces, and ship better code, faster.” —Michel van Dorp, VP Strategic Partnerships, Software Improvement Group Read the full story ⬇️ #AIcoding #MCP #AIGovernance #AIcodeAssistants #SoftwareQuality #SecureDevelopment #ProgressOpenEdge

Ramping up your AI ambitions? Make sure you're leading innovation, not just chasing it. We’ve created a practical leadership checklist to help you govern AI with confidence. AI is already on every strategic agenda. Yet, without the right governance and controls in place, it can introduce more risk than reward. Organizations who adopt responsible practices and robust frameworks can truly unlock AI’s potential while keeping risks at bay. Ready to lead rather than react? Explore our full AI governance offering here: https://lnkd.in/ewCz_vMm

Hola from Bilbao! 🇪🇸 We’re kicking things off here at Enlit Europe's Netherlands pavilion where our team will be connecting with visitors to discuss how leaders in energy can power their transformation in the AI era, safeguard AI-generated code, and build resilient, high-performing systems. Don't forget to join us today at 10:30 for Mark Groot's talk on how the energy sector is using AI, its potential for the industry, and how we help firms govern their AI to meet the rising energy demand with strategic control. Meet the team at Booth 3.D60 for a coffee and a free consultation ☕ Book a meeting: https://lnkd.in/es6hxzWK

We’re proud to share how HeadFirst Group partnered with Software Improvement Group to elevate transparency, strengthen governance, and ensure their technology landscape continues to support their growing ambitions. With Sigrid®, our IT governance platform, HeadFirst Group gained: 🔎 A unified, portfolio-wide view of their software landscape 📊 Consistent, objective insights across teams and systems 🧱 A strong foundation for long-term scalability and quality 🤝 A shared reference point that helps IT and business move forward with confidence As SIG's Commercial Director Joep Mertens put it: “𝘞𝘩𝘢𝘵 𝘴𝘵𝘰𝘰𝘥 𝘰𝘶𝘵 𝘧𝘳𝘰𝘮 𝘵𝘩𝘦 𝘴𝘵𝘢𝘳𝘵 𝘸𝘢𝘴 𝘵𝘩𝘦𝘪𝘳 𝘥𝘳𝘪𝘷𝘦 𝘵𝘰 𝘳𝘦𝘮𝘢𝘪𝘯 𝘪𝘯 𝘤𝘰𝘯𝘵𝘳𝘰𝘭 𝘰𝘧 𝘵𝘩𝘦𝘪𝘳 𝘥𝘪𝘨𝘪𝘵𝘢𝘭 𝘭𝘢𝘯𝘥𝘴𝘤𝘢𝘱𝘦. 𝘐𝘯 𝘦𝘴𝘴𝘦𝘯𝘤𝘦, 𝘰𝘶𝘳 𝘳𝘰𝘭𝘦 𝘸𝘢𝘴 𝘵𝘰 𝘩𝘦𝘭𝘱 𝘵𝘩𝘦𝘮 𝘸𝘪𝘵𝘩 𝘵𝘩𝘦 𝘵𝘳𝘢𝘯𝘴𝘱𝘢𝘳𝘦𝘯𝘤𝘺 𝘢𝘯𝘥 𝘴𝘵𝘳𝘶𝘤𝘵𝘶𝘳𝘦 𝘵𝘰 𝘮𝘢𝘬𝘦 𝘵𝘩𝘢𝘵 𝘢𝘮𝘣𝘪𝘵𝘪𝘰𝘯 𝘢 𝘳𝘦𝘢𝘭𝘪𝘵𝘺.” Thank-you to Cristian Ciuperca and Marion Van Happen from HeadFirst Group for their collaboration on this case. 🔗 Read the full story here: https://lnkd.in/eQgCf94H

Justid (Justitiële Informatiedienst) is the IT organization responsible for essential digital infrastructure for the Dutch Ministry of Justice and Security (Ministerie van Justitie en Veiligheid) and the Ministry of Asylum and Migration (Ministerie van Asiel en Migratie).   One of their core systems is the Central Digital Depot (CDD+), a long-term archive containing over 150 million official documents.   During Justid’s annual innovation week, and as a way to explore how the organization can make its services more sustainable, Justid asked Software Improvement Group to conduct a Green Software Assessment.   This assessment provided insight into the current carbon footprint en energy consumption of the CDD+ system and resulted in concrete proposals for further reducing it.   Our head of innovation, Pepijn van de Kamp, presented a clear, actionable roadmap of sustainability improvements to be made to the code, architecture and infrastructure, so Justid can fully utilize the scalable infrastructure on which CDD+ is built and further reduce CO2 emissions and energy consumption.   If you want to learn more: https://lnkd.in/euQyfjy5   Start translating your sustainability ambitions into a practical improvement plan: https://lnkd.in/eehCPskQ