News and Press Releases

The next verinice.XP will take place from February 25th to 27th 2020 in Berlin. In the Radisson Blu Hotel (Karl-Liebknecht-Strasse 3, 10178 Berlin) IT decision-makers, security officers and data protection officers from companies, institutions and authorities will gather. Reduced Early Bird tickets will be available in October at, the Call for Papers is open.

verinice is one of the most widely used tools to support information security management (ISMS tool). With verinice.XP, SerNet GmbH as organizer and publisher of verinice brings together users from all industries on the subject of data protection and IT security. 

This year our partners Cassini, neam and SILA-Consulting are also active as sponsors of the conference and are available for technical discussions. 

Call for Papers started

The Orga-Team of verinice.XP is looking forward to your suggestions and presentations. Especially the topics IT security and data protection as well as their implementation with verinice in general are in demand. Specifically, this can take the form of disputes with the Modernized IT Basic Protection, ISO 2700x, PCI DSS, ISIS 12, special industry standards, etc. A program committee decides on the submitted contributions. This are the members of the committee:

  • Michael Flürenbrock (SerNet)
  • Volker Jacumeit (DIN e.V.),
  • Boban Kršić (CISO DENIC eG),
  • Isabel Münch (BSI) and
  • Jens Syckor (TU Dresden).

Proposals for lectures should be sent by e-mail to or can be submitted directly to

Tickets and Program

Tickets will be available in October at . In addition to the daily program, participants of verinice.XP can also participate in the social event. This will take place on the evening of 26 February and is intended to promote the exchange between all participants. The venue will be announced soon.
The agenda for verinice.XP will be published at the end of 2019. In addition to the lectures, there will also be opportunities to talk to the verinice.TEAM and inform yourself about the further development of verinice.


On February 25, SerNet will hold several workshops on the topics "ISO 27001", "Modernized IT Basic Protection" and "DS-GVO". Participation in these workshops is possible independently of verinice.XP. The costs are 450 Euro. The detailed agenda for both courses will be published soon.

One quarter after version 1.18, SerNet delivers important enhancements in version 1.18.1, for which we don't want to keep our customers waiting any longer. All details with explanatory screenshots can be found in the Release Notes for verinice. The date for the autumn release is already fixed. verinice 1.19 will be released in week 46 (11th - 15th November 2019).

Risk Analysis - BSI-Standard 200-3

The verinice.TEAM further simplifies the risk analysis in verinice 1.18.1 according to BSI standard 200-3. Risk assessment and risk treatment are no longer documented in the individual requirements or safeguards but directly in the respective threats. 

Users can now evaluate and document the risk directly in the threat with and without additional safeguards before and after any risk treatment for a package of safeguards.

The elimination of the previous documentation per safeguards/requirement and its calculation in the threats reduces the effort considerably. In addition to further bug fixes and detail improvements, the new procedure significantly increases performance.


The verinice.TEAM publishes the final versions of the Report Templates for the new IT Baseline Protection, which have already been discussed in the verinice.FORUM in recent weeks, and would like to express its thanks to all testers for their constructive feedback. The new or revised report templates will be released exclusively based on the new LTR technology:

The report templates for the Security Assessments according to VDA ISA / TISAX 4.1.0 can now be generated including the spider web diagrams with SVG support.

With verinice 1.18.1, the report templates Risk Management and Risk Treatment for the ISO/ISM Perspective benefit most from the generation via LTR graph technology - customer tests promise a considerably faster generation of reports.

In addition, all report templates are successively internationalized, each report template file only exists once, and additional language versions are made available by simply adding a translation file.

A small but helpful feature is the option to open reports after creation directly from the confirmation dialog, no searching via the file manager is required.

The report queries themselves have also been optimized through caching and other improvements. In particular, the opening of large LTR datasets in verinice and v.Designer has been significantly accelerated.


Users of the modernized IT Basic Protection can now access the texts of the IT Baseline Protection Compendium in the web frontend under tasks for requirements, safeguards and threats, which greatly simplifies the implementation of the individual tasks.

Hinweise zum Update

Two important hints for verinice users come with the update:

An automatic update of the clients to versions 1.18 and 1.17 was unfortunately not possible due to a platform change! See our HowTo. The update of the verinice.PRO server to version 1.18 can be done automatically as usua

SerNet has released version 1.18 of the open source ISMS tool verinice. The verinice.TEAM presents an extensive update, which is especially relevant for working with the Modernized IT Baseline Protection of the German BSI: An optimized modeling as well as the possibility for preliminary hybrid modeling are decisive innovations. All details with extensive screenshots can be found in the Release Notes. The new version is available in the verinice.SHOP (for standalone users) or in the verinice.PRO repository.

Two important notes for verinice users come with the update:

Automatic client updates are not possible for verinice 1.17 and 1.18! We have compiled all necessary information about manual updates in a HowTo. To update the verinice.PRO server to version 1.18, please use the package manager "yum" as usual (see details on the verinice.PRO update).

The verinice.TEAM has released the first beta version of the Information Security Assessment Version 4.1.0 of the German Association of the Automotive Industry (VDA ISA 4.1.0) for use in verinice. An english version is now also available. The corresponding CSV file can be found in the verinice.FORUM. (Please note: The initial post and the thread are German only, however the link for the English beta version is embedded.)

The current version can already be integrated into verinice and be used for asssessments. However, users should note that this beta version is explicitly intended for testing and not for productive use!

In addition, the following restrictions apply:

  • Module 24 Data Protection cannot yet be documented (supported with verinice 1.18 from week 15 2019).
  • The report templates will be supplemented by the modules 23 Third Party Integration and 25 Prototype Protection. They will be made available in the coming weeks (see Extension of the VDA ISA Report Templates for Version 4.1.0 1 – again: thread in German only).

All relevant notes as well as further details are also compiled in the corresponding thread in the verinice.FORUM. The verinice.TEAM is looking forward to feedback and a lively discussion.

The verinice.TEAM changes its release planning as of 2019: Two new versions will be released this year, the dates for a spring and an autumn release have already been set. Features for the respective versions will be presented in the verinice.FORUM (German only atm). 

The following release dates are planned:

  • verinice 1.18 in week 15 (8. - 12. April 2019)
  • verinice 1.19 in week 46 (11. - 15. November 2019)

In the "Roadmap" category (German only atm) in the verinice.FORUM, users can take a look at the features for future versions. They can also propose new features themselves or discuss specifications for already proposed features with the team and other verinice users.

The aim of the dates set and communicated at an early stage is to provide planning security and to be able to schedule updates of productive verinice systems in advance. As before, a feature freeze takes place one month before the release to ensure a thorough test phase.

The user's demand for a fast integration of the German Modernized Baseline Security framework by BSI made a new sub-release 1.17.2 of verinice. and verinice.PRO necessary. Detailed information about bugs and the applied solutions are available in our release notes

A new version of verinice-Client has been provided in our verinice.SHOP for download. Subscribers of verinice.PRO will find the new version 1.17.2 in the respective repositories. 

This update is mandatory for users of the Modernized Baseline Security framework.

Starting with version 1.18 verinice will include a Java Runtime Environment (JRE) of the AdoptOpenJDKinitiative. AdoptOpenJDK creates JRE which contain all security patches and may be used free of charge. For verinice users nothing will change: verinice will still contain a current JRE and the verinice.TEAM will keep the installation as easy as possible.

Previously (incl. version 1.17.x) verinice contained a JRE, which was published by Oracle free of charge. However, Oracle changed the Java release cycle and the license for the JRE in 2018, so that it will no longer be possible to deliver verinice with the Oracle JRE from 2019 on.

Further details and background information can be found in the verinice.FORUM (thread in German).

Search News

Press contact:

Claudia Krell


English languageDeutsche SpracheLingua italianaČeský jazyk
© SerNet GmbH, 2019