Dutch software quality SME specialising in program analysis, dependency graphs, and software ecosystem measurement for enterprise and open-source systems.
Software Improvement Group (SIG) is a Dutch software quality consultancy that measures, benchmarks, and improves the internal quality of software systems — analysing codebases for maintainability, technical debt, and structural risk. Their research work extends this practice into automated program analysis at scale: understanding how software packages depend on one another, how call graphs propagate vulnerabilities, and how software ecosystems evolve as networks. In EU projects they contribute deep expertise in static analysis tooling and empirical software engineering. Their dual role as both a commercial consultancy and an active EU research partner makes them unusual: they bring real industrial codebases and measurement methods that academic partners rarely have access to.
SIG's core commercial practice underpins both SENECA (software engineering in cloud systems) and FASTEN (ecosystem-scale program analysis), positioning code quality analysis as their through-line.
FASTEN (2019-2022) focused explicitly on fine-grained analysis of software ecosystems as networks, with SIG contributing to package manager dependency graphs and call graph construction.
FASTEN project keywords — call graphs, program analysis, graphs — map directly to the automated static analysis methods SIG applied to large open-source package repositories.
SENECA (2015-2018), where SIG acted as coordinator, addressed software engineering practices for enterprise cloud application systems, likely drawing on their consulting portfolio.
SENECA was funded under MSCA-ITN-EID, meaning SIG co-supervised early-stage researchers and provided an industrial training environment alongside academic partners.
In their first H2020 project (SENECA, 2015-2018) SIG operated as coordinator of a Marie Curie training network focused on software engineering practices for enterprise cloud systems — a broad mandate that produced no retained keyword signature, suggesting the work was more organisational and training-oriented than technically specialised. By 2019, with FASTEN, their focus sharpened considerably: all retained keywords point to graph-based analysis of software package ecosystems, dependency networks, and call-graph construction at scale. The shift is from broad software engineering education toward precise, automated, data-driven program analysis — a more technically focused and tooling-heavy direction.
SIG appears to be moving from broad software quality consulting toward specialised automated analysis of software supply chains and dependency ecosystems — a direction with strong relevance to software security and open-source risk management.
SIG has taken the coordinator role in one project and a participant role in the other, showing comfort on both sides of the table. Their consortia are small — 9 total unique partners across 2 projects in 6 countries — suggesting they favour focused, high-trust partnerships over large open consortia. As a commercial SME embedding itself in research networks, they typically function as the industry anchor: providing real-world data, validation environments, and practical software engineering knowledge that academic partners cannot replicate.
SIG has worked with 9 unique partners across 6 countries, a compact network for two projects, indicating selective rather than broad-based collaboration. No repeated partner pattern is visible with only two data points, but their cross-country spread across six European nations suggests they engage comfortably in international consortia.
SIG occupies a rare intersection: a commercially active software quality firm that also conducts and co-leads EU-funded research, giving them credibility with both industrial clients and academic consortia. Unlike university software engineering groups, they bring proprietary benchmark datasets and real client codebases to research collaborations. For a consortium needing an industry partner who can both validate research outputs against production software and absorb early-stage researchers into a professional environment, SIG is an unusually well-fitted choice.
