Our customers need secure IT applications. They must be protected against known threats and equally against currently unknown threats. Since 20 years we have been investigating and assessing the security of diverse IT systems. On this basis we are in a position to identify strengths and weaknesses. We are also in an excellent position for proposing improvements, which are both effective and practical.