Secure Software Engineering through Sensible Automation (SESAM) 

In late 2024, Synteda joined the launch of the Secure Software Engineering through Sensible Automation (SESAM) project, a research initiative aimed at making software security an integral and seamless part of the development process. Backed by Sweden’s Knowledge Foundation (KKS) and led by researchers at Blekinge Institute of Technology (BTH), SESAM is developing a comprehensive framework that integrates security sensibly and seamlessly into everyday development workflows. In essence, SESAM aims to give ordinary software testers and developers the tools and methods to build security into software from the outset.

Modern software systems face increasingly complex security challenges. The rising complexity of architectures and the growing sophistication of cyber threats mean that purely reactive or late-stage testing is no longer sufficient. Traditional approaches often introduce security checks only late in the software development life cycle, for example during final QA or just before release, when fixing issues is costly and inefficient. Several barriers have made it difficult to shift security left (i.e., to move security activities earlier in the development process): teams may lack in-house security expertise, existing security tools can be hard to integrate into fast-paced DevOps workflows, and there is a fear that additional security steps will disrupt productivity. The result is that critical security issues can slip through until late in the process or after deployment. A new approach is needed: one that embeds security into development in a developer-friendly manner.

SESAM tackles these challenges with an emphasis on automation and intelligent tool support. The project’s vision is to integrate security practices into the development process so that they occur continuously and with minimal friction. In other words, security testing under SESAM becomes a natural extension of regular testing activities rather than a siloed specialty. To achieve this, SESAM is building a framework that leverages sensible automation: automated security checks and analyses applied in smart, context-aware ways that avoid overwhelming developers with noise.

A cornerstone of Synteda’s participation in the project is usability: making security testing accessible to testers and developers who are not security experts. Many security tools today assume deep expertise or produce results that a typical tester finds hard to interpret. SESAM addresses this gap directly by designing its tools and practices with the needs of ordinary users in mind. The goal is for a QA engineer or developer to be able to run security tests as easily as they run unit or GUI tests, and to understand the output without specialized knowledge. To that end, the project focuses on clear feedback, integration with familiar environments such as Scout/HiveMind, and actionable guidance on how to resolve the issues found. By helping developers understand and implement security measures early, SESAM lowers the knowledge barrier that often prevents teams from adopting robust security practices.

SESAM’s other industry collaborations show its practical focus and potential impact. The project partners include a global technology leader, Ericsson, alongside software tool innovators such as CodeScene. The anticipated benefits for industry stakeholders are significant. For one, companies can strengthen their security posture without drastically expanding their security teams: equipping existing developers and testers with SESAM’s easy-to-use tools puts more eyes on security throughout the development cycle. SESAM’s work also speaks directly to pressing industry concerns such as compliance with the European Cyber Resilience Act (CRA).

The early reception has been encouraging, with several project-related peer-reviewed scientific publications already available. The SESAM team has presented its progress at recent software engineering conferences, where the project was well received. Find out more on the project website, and be sure to check the openly available materials, including the scientific publications.