
Lukas Huber
Founder & AI Strategist
The heise devSec conference offers Swiss SMEs crucial insights into secure software development, essential for defending against cyberattacks.
A quick glance at the calendar shows that the heise devSec Conference, a central meeting point for secure software development, will take place from September 22nd to 23rd, 2026, in Marburg. For many Swiss SMEs, the geographical distance or the focus on "software development" might make the event seem like a niche topic. However, this assessment is dangerously short-sighted.
In fact, according to a 2024 study by Cyber-Ark, over 60% of successful cyberattacks exploit vulnerabilities in software or its development processes. This means that every digital service and every internal application that an SME uses or develops itself can be an entry point. And the costs that a single successful attack can incur – from operational disruptions and reputational damage to fines under data protection laws – far outweigh the investment in prevention.
The question, therefore, is not whether Swiss SMEs should address secure software development, but how they can do so efficiently and within their budgets. Especially in a country that builds on trust and quality, the security of digital infrastructure is not an option, but a necessity.
📊 Key Facts at a Glance:
- Conference: The heise devSec Conference takes place on September 22nd and 23rd, 2026, in Marburg. (Source: heise devSec, 2026)
- Online Offering: The online deep-dive 'AI and Security' takes place on May 11th, 2026. (Source: heise devSec, 2026)
- Cost-Efficiency: Small medical practices can implement DevSecOps in a HIPAA-compliant manner without enterprise budgets. (Source: HIT Consultant, 2026)
- History: Since 2017, heise devSec has been the meeting point for everyone wanting to develop more secure software. (Source: heise devSec Autumn 2024, 2026)
How can Swiss SMEs cost-effectively secure their software development processes?
The answer lies in the strategic integration of security from the outset, not as an afterthought. Many SMEs face the dilemma: they need tailor-made software solutions to remain competitive but lack the resources of large corporations to maintain extensive security teams. This often leads to security being viewed as a "nice-to-have" or a last step before going live – a costly mistake.
The key lies in the DevSecOps approach. This means not just considering security as a phase at the end of the development process, but integrating it into every single step: from conception through development and testing to operation. Imagine building a house. Would you check the structural integrity only after the roof is on? Hardly. You shouldn't check your software's security only at the end either.
For Swiss SMEs, cost-efficiency here means taking pragmatic steps. This starts with training their own developers, extends to automating security tests in the development pipeline, and includes using open-source tools, which are often powerful and free. A good example is the realization that even small medical practices can implement DevSecOps in a HIPAA-compliant way without needing an enterprise budget. This shows that it's primarily about the right mindset and methodology, not the size of your wallet.
💡 Recommendation: Prioritise the Fundamentals
Before investing in complex security tools, ensure that the fundamental processes are in place. This includes:
- Regular training for all employees involved in software development on secure coding practices.
- Implementing code reviews with a focus on security aspects.
- Automated static and dynamic code analysis to detect vulnerabilities early.
- A clearly defined process for managing vulnerabilities once they are discovered.
These steps require discipline, but not huge budgets, and lay a solid foundation.
When my team at Huber Treuhand GmbH embarked on the "AI Tax Mentor" project, the focus was on scalability and knowledge transfer. We realised that every new process, every new tool we introduced, had to be designed with security in mind from the start. The five pillars of AI readiness we identified – from Strategy & Vision to Technical Skills – are directly transferable to security readiness. An AI project must align with the company strategy; the same applies to the security strategy. Resources are wasted if there's no clear objective.
Identifying quick wins that deliver visible results is crucial here. This could be an automated scan that uncovers the top 10 vulnerabilities in your existing software, or training that immediately reduces the number of security flaws in new code by 15%. Such successes build acceptance and motivate further steps.
What concrete benefits does attending heise devSec offer Swiss SMEs?
The heise devSec offers a concentrated dose of expertise and practical solutions specifically tailored to the challenges of secure software development. It's not just about hearing the latest buzzwords, but about concrete guidance and best practices that can be directly applied within your own company.
A significant advantage is direct access to experts. At a conference like heise devSec, you meet practitioners and researchers who deal with the most complex security problems daily. This type of knowledge transfer is invaluable. You can ask questions, exchange experiences, and learn from others' mistakes without having to make them yourself.
Especially for Swiss SMEs, which often have smaller development teams, exchange with the broader community is of great importance. It opens up new perspectives on tools, methods, and architectures that can significantly improve your own security. The conference has been an established meeting point since 2017, which speaks to a certain continuity and quality of the offering.
💡 Tip: Targeted preparation maximises benefit
Before you or your employees attend a specialist conference like heise devSec, define clear learning objectives. What specific security problems do you want to solve? Which new technologies or approaches interest you most? Create a list of the most relevant talks and workshops, and plan sufficient time for networking. A well-prepared visit will deliver measurable added value for your SME.
Another, often underestimated, aspect is the online deep-dive "AI and Security" on May 11th, 2026. Artificial intelligence is not only a potential tool for improving security but also a new attack surface. Understanding this dynamic is crucial for any SME that uses or considers using AI solutions. Integrating AI into business processes, as we outlined in our implementation roadmap at Huber Treuhand, requires a deep understanding of potential risks and how to mitigate them. Metrics like "Hallucination Rate <2%" and "Citation Accuracy >98%" are not only important for the quality of AI results but also for their security and reliability.
Attending such events is an investment in the skills development of employees. Technical skills like Python, Git/GitHub, Hugging Face Transformers, or MLOps frameworks are essential not only for development but also for implementing and maintaining secure systems. Seeing how these skills can be applied in the context of security is a direct benefit of attending.
Why is secure software development essential for Swiss SMEs in today's digital landscape?
For Swiss SMEs, secure software development is no longer an optional add-on, but a fundamental pillar for trust, compliance, and long-term business success. The digital landscape is changing rapidly, and with it, the threat landscape. What was considered secure yesterday can already be an open door for attackers tomorrow.
The first and most obvious reason is protection against cyberattacks. A successful attack can be existential for an SME. Data loss, operational disruptions, extortion attempts – all lead to massive costs that an SME often cannot bear. Reputation suffers, and customer trust erodes. In Switzerland, where trust is highly valued, reputational damage from a security breach can have severe consequences.
Secondly, compliance requirements have increased. With the Swiss Federal Act on Data Protection (FADP) and the EU GDPR (which often affects Swiss companies when they work with EU customers), companies are obliged to take appropriate technical and organisational measures to protect personal data. Insecure software development practices can directly lead to violations, which are subject to high fines.
⚠️ Warning: Ignorance is not a strategy
Ignoring security risks in software development is not a viable strategy. The costs of fixing a security vulnerability after an attack are, on average, 5 to 10 times higher than investing in preventive measures. Added to this are intangible damages such as loss of trust and reputational harm, which are difficult to quantify but can significantly impact long-term business success. Don't wait until it's too late.
Thirdly, secure software development strengthens customer trust. In an era where data breaches and cyberattacks make headlines almost daily, customers value companies that take the protection of their data and systems seriously. A proactive approach to security can be a decisive competitive advantage and increase customer loyalty. If you can credibly assure your customers that the software you develop or use is designed and operated to the highest security standards, you create a solid foundation of trust.
The challenge for many Swiss SMEs is that they often lack the internal expertise to meet these complex requirements. This is where partners like schnellstart.ai come into play: with their focus on AI implementation, they also keep an eye on the security aspects of digital transformation. The task is not only to identify where AI can have the greatest impact (Pillar 2 of AI Readiness: Where in your value chain can AI generate the greatest impact?), but also to determine how this impact can be realised securely.
The news surrounding the call for proposals for heise devSec underscores the urgency of the topic: the community is constantly sharing new insights and evolving. If Swiss SMEs are disconnected from this development, they risk falling behind technologically and in terms of security. We cannot afford that in today's world.
| Feature | Ad-hoc Security Measures | Integrated DevSecOps Model |
|---|---|---|
| Timing of Security Integration | At the end of the development cycle, reactive | From the start (design, development, testing, operation), proactive |
| Cost-Efficiency | High costs for bug fixing after discovery; repeated patches | Lower overall costs through early error detection and prevention |
| Error Detection | Late in the process, often only in production or after an attack | Early and continuous through automated tests |
| Responsibility | Primarily with a dedicated security team or external auditors | Shared responsibility of development, operations, and security |
| Development Speed | Security checks can delay the release process | Security is part of the continuous process, releases are faster and more secure |
| Compliance & Trust | Makes compliance difficult; lower customer trust | Facilitates compliance; strengthens trust from customers and partners |
🚀 Practical Example: The Path to a Secure AI Solution
In our project for Huber Treuhand GmbH, the "AI Tax Mentor," security was an integral part of the implementation roadmap. Phase 1 ("Professionalisation") focused on making the demo bot production-ready. This included not only UI/UX and error handling but also aspects like "Human-in-the-Loop" for validation and secure deployment strategies from the outset. In Phase 2 ("Validation"), we tracked metrics such as "Hallucination Rate" and "Citation Accuracy." These are not only quality indicators but also crucial for the trustworthiness and thus security of AI-generated information. An inaccurate AI is an insecure AI. This structured, phased approach, where security and quality go hand in hand, is transferable to any software development.
Conclusion: Security is not a luxury, but a basic need
The heise devSec conference and its online offerings are more than just events; they are a reflection of the unstoppable development in cybersecurity and software development. For Swiss SMEs, it's not a question of whether, but how, to face these challenges. Those who still believe today that security is a luxury or a topic only for large corporations will not survive in tomorrow's digital landscape.
It's about acting proactively, building knowledge, and implementing pragmatic, cost-effective solutions. Integrating security into every step of software development is the only way to remain successful and trustworthy in the long term.
✅ Security from the start: Integrate security into every step of your software development, from planning to operation, to save costs and minimise risks.
✅ Leverage knowledge transfer: Attend specialist conferences like heise devSec and their online offerings to learn from experts and adapt best practices for your SME.
✅ Strengthen trust and compliance: Secure software development is the foundation for complying with data protection laws and for building and maintaining customer trust in Switzerland.
Would you like to put the security of your software development processes to the test or need support in strategically implementing DevSecOps principles? Contact us for a no-obligation initial consultation.