Drag
Trust Centre

Security

Research

Our approach to security is based on our own academic research, both in-house and in collaboration with academic institutions.

This validates the Visma Security Program, and ensures that Visma is at the cutting edge when it comes to security.

We also regularly do talks, presentations and lectures at universities, conferences and with our peers in other companies and for our customers.

Here is some of the work we have done:

Project and book chapters

“A Framework for a Sustainable Software Security Program”

Monica Iovan, Daniela S. Cruzes, Espen A. Johansen

DOI: https://doi.org/10.1002/9781119821779.ch2

In the book:
Evolving Software Processes: Trends and Future Directions (pp. 47-69), first published January 2022.

“Building an Ambidextrous Software Security Initiative”

Daniela Cruzes, Espen Agnalt Johansen

DOI: http://dx.doi.org/10.4018/978-1-7998-4165-4.ch009

In the book:
Balancing Agile and Disciplined Engineering and Management Approaches for IT Services and Software Products (pp.167-188), first published January 2021.

“Data driven continuous management of technical debt for sustainable software development”

Mili Orucevic, Daniela Cruzes, Maren Maritsdatter Kruke

Duration 2023 - 2026

Innovation project for the Industrial Sector (IPN) project no.340991, funded and supported by Norwegian Research Council

Through this research we want to break the uncertainties of technical debt management, and set the ground for swift transition to modern and sustainable software engineering.

Scientific articles

Karthik Shivashankar, Mili Orucevic, Maren Maritsdatter Kruke, Antonio Martini

Beacon-Td: Classifying Technical Debt and its Types Across Diverse Software Projects Issues Using Transformers

JSS: Journal of Systems and Software August 2025

Maren Maritsdatter Kruke, Antonio Martini, Daniela S. Cruzes, Monica Iovan

Defining Security Debt: A Case Study Based on Practice

PROFES 2024: Product-Focused Software Process Improvement 27 nov. 2024

Monica Iovan, Daniela Soares Cruzes:

Data-Driven Improvement of Static Application Security Testing Service: An Experience Report in Visma.

PROFES 2022: Product-Focused Software Process Improvement 14 nov. 2022

Karin Bernsmed, Daniela Soares Cruzes, Martin Gilje Jaatun, Monica Iovan:

Adopting threat modelling in agile software development projects

J. Syst. Softw. 183: 111090 (2022)

Monica Iovan, Daniela Soares Cruzes, Espen Agnalt Johansen:

Empowerment of Security Engineers through Security Chartering in Visma

Agile Alliance 10 iun. 2020

Security

Master thesis in Visma

As coadvisors, we will support and guide master students throughout their academic journey. We provide academic assistance, research guidance, and valuable feedback on their work.

We facilitate networking opportunities and help students navigate their chosen field. Together, we aim to foster their growth, develop their skills, and empower them to succeed in their research endeavors and future careers.

This year we focus on:

  • Security vulnerabilities occurrence and management in third-party libraries
  • Measuring the adoption and effective implementation of an application security program
  • Software supply chain threat analysis
  • Threat Analysis for Cloud Infrastructure
  • Security Technical Debt

Some of our previous master thesis:

Elmer Häyrynen - Lappeenranta–Lahti University of Technology LUT, 2021

Analysis of a software security self-assessment tool: Case company: Visma

Details

Eivind Nes Fossum - Norwegian University of Science and Technology, 2022

Intelligence for cybercrime prevention: A study of stakeholders’ needs for actionable intelligence

Details

Aalvik Hege - Norwegian University of Science and Technology, 2022

Towards an Effective Security Champions Program

Details

Kristoffer Håkon Håkonsen - Norwegian University of Science and Technology, 2022

Triggering threat modeling in agile development

Details

Maren Maritsdatter Kruke - University of Oslo, 2022

Security Debt in Practice: A Qualitative Case Study

Details

Matti Paavilainen - Jyväskylä: JAMK University of Applied Sciences, 2022

Applying onboarding theory on the security champion program

Details

Sandra Liabø - University of Oslo, 2022

Comparing prioritization and visualization of technical debt and security debt: A Design Science Research study

Details

Contact us

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

Daniela Soares Cruzes

Lead Security Researcher and Professor at the Norwegian University of Science and Technology (NTNU)

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

Monica Iovan

Head of Security Research, Design and Development in Visma

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

Nicoleta Botosan

Security Engineering Manager and Senior Infrastructure Engineer in Visma

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

Romina Druta

Security Research Engineer and Senior Infrastructure Engineer in Visma

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

Maren Maritsdatter Kruke

Security Business Analyst in Visma