Was kostet eine Softwareentwicklung in München?

Die Kosten für Softwareentwicklung variieren je nach Projektumfang. Für individuelle SaaS-Lösungen, CRM-Systeme oder Automatisierungsprojekte erstelle ich gerne ein unverbindliches Angebot. Kontaktieren Sie mich für ein kostenloses Erstgespräch.

Wie lange dauert ein Software-Projekt?

Die Projektdauer hängt vom Umfang ab. Einfache Automatisierungen können in 2-4 Wochen umgesetzt werden, während komplexe SaaS-Plattformen oder CRM-Migrationen mehrere Monate dauern können. Nach einem ersten Gespräch kann ich einen realistischen Zeitrahmen nennen.

Welche Technologien werden für die Softwareentwicklung verwendet?

Ich arbeite mit modernen Technologien wie Python, React, Next.js, TypeScript und Node.js. Für Automatisierungen nutze ich n8n und Odoo. Die Technologiewahl richtet sich nach den spezifischen Anforderungen Ihres Projekts.

Bieten Sie auch IT-Beratung an?

Ja, neben der Softwareentwicklung biete ich auch IT-Beratung und strategische Beratung für digitale Transformation an. Dies umfasst Technologieauswahl, Prozessoptimierung und Projektmanagement.

Kann ich Sie auch für kurzfristige Projekte engagieren?

Ja, ich bin flexibel und kann sowohl für langfristige Projekte als auch für kurzfristige Aufträge wie Workflow-Automatisierungen, Datenmigrationen oder technische Beratung engagiert werden.

Was ist KI-Implementierung im Mittelstand?

KI-Implementierung im Mittelstand bedeutet die strategische Einführung von künstlicher Intelligenz in Geschäftsprozesse. Dies umfasst Use-Case-Identifikation, Pilotprojekte und schrittweise Skalierung. Der Fokus liegt auf pragmatischen Lösungen mit messbarem ROI.

Was kostet Prozessautomatisierung mit n8n oder Make?

Die Kosten für Prozessautomatisierung variieren stark. Einfache Workflows starten bei 2.000-5.000€, komplexere Multi-System-Integrationen können 15.000-50.000€ kosten. Laufende Kosten für Tools liegen bei 20-500€/Monat je nach Volumen.

Wie messe ich den ROI von Automatisierung?

Der ROI von Automatisierung wird berechnet durch: (Jährliche Einsparungen - Jährliche Kosten) / Gesamtinvestition × 100. Typische Einsparungen umfassen Zeitersparnis, reduzierte Fehlerkosten und Skalierbarkeit. Ein gut geplantes Automatisierungsprojekt amortisiert sich meist innerhalb von 6-12 Monaten.

Post-Quantum Cryptography: When Must Enterprises Act?

"Harvest now, decrypt later" – attackers are collecting encrypted data today to decrypt it once quantum computers become powerful enough.

The question is not IF, but WHEN. And for IT decision makers, this means: Plan now to avoid panic later.

The Quantum Computer Problem

What Quantum Computers Can (Will) Do

Current encryption is based on mathematical problems that are practically unsolvable for classical computers:

RSA: Factorization of large numbers
ECC: Elliptic curve problem
Diffie-Hellman: Discrete logarithm

The problem: Quantum computers with Shor's algorithm solve these problems in polynomial time – practically instantly.

What This Means

Secure Today	With Quantum Computer
RSA-2048	Broken in hours
ECC-256	Broken in hours
AES-256	Weakened (128-bit security)
SHA-256	Slightly weakened

The Timeline

When does it become critical?

Scenario	Timeframe	Probability
Research quantum computers	Now	100% (they exist)
Cryptographically relevant QC	2030-2035	50% according to experts
Broad availability	2035-2040	Unclear

But: "Harvest now, decrypt later" means that data intercepted today can be decrypted in the future.

Relevance by data lifespan:

Data Type	Lifespan	Action Required
State secrets	25+ years	Immediately
Trade secrets	10-20 years	Short-term
Personal data	5-10 years	Medium-term
Transaction data	1-5 years	Long-term

Post-Quantum Cryptography (PQC)

What Is PQC?

Post-quantum cryptography uses mathematical problems that even quantum computers cannot solve efficiently:

Lattice-based: CRYSTALS-Kyber, CRYSTALS-Dilithium
Hash-based: SPHINCS+
Code-based: Classic McEliece
Multivariate: Less promising

NIST Standards (Finalized 2024)

The US NIST published the first PQC standards in 2024:

Standard	Algorithm	Application
FIPS 203 (ML-KEM)	CRYSTALS-Kyber	Key Encapsulation
FIPS 204 (ML-DSA)	CRYSTALS-Dilithium	Digital Signatures
FIPS 205 (SLH-DSA)	SPHINCS+	Stateless Signatures

Advantages and Challenges

Advantages:

Quantum-safe (according to current knowledge)
Standardized and reviewed
Implementations available

Challenges:

Larger keys and signatures
Higher computational overhead
Compatibility issues
Little practical experience yet

Where PQC Is Relevant

Area 1: TLS/HTTPS

Status:

Chrome and Firefox experimentally support Kyber (ML-KEM)
Cloudflare offers PQC-TLS
AWS, Google Cloud experimenting

Action required:

Medium: Browser-side usually automatic
Server: Update to current TLS stacks

Area 2: VPN & Network

Status:

WireGuard working on PQC support
Some commercial VPNs offer PQC
Cisco, Palo Alto in development

Action required:

High: For sensitive network connections
Evaluate PQC-capable solutions

Area 3: Email Encryption

Status:

S/MIME and PGP: No broad PQC support yet
Proton Mail experimenting
Standard development ongoing

Action required:

Medium to high for sensitive communications
Alternative: Hybrid approaches

Area 4: Digital Signatures

Status:

Code signing: First PQC certificates
Documents: PDF signatures still classical
Blockchain: Increasingly a topic

Action required:

High: For long-term valid signatures
Especially: Software signing, contracts

Area 5: PKI & Certificates

Status:

CAs beginning PQC experiments
Hybrid certificates in development
IETF standards in progress

Action required:

High: PKI is foundation of many systems
Early planning necessary

The PQC Migration Plan

Phase 1: Inventory (Month 1-2)

Create crypto inventory:

System	Crypto Usage	Data Sensitivity	Priority
Web apps	TLS 1.3, RSA-2048	Medium	Low
VPN	IPsec, ECDHE	High	High
Email	TLS, no E2E	Medium	Medium
Database	AES-256	High	Low (AES okay)
Signatures	RSA-2048, SHA-256	High	High

Answer questions:

Where is asymmetric cryptography used?
Which data is long-term sensitive?
Which systems are hard to update?
What dependencies exist?

Phase 2: Risk Assessment (Month 3)

Risk matrix:

Risk	Probability	Impact	Score
TLS broken	Medium (2030+)	High	Medium
VPN compromised	Medium	Very high	High
Signatures invalid	Low (2030+)	High	Medium
Harvest now, decrypt later	Now	Varies	High for sensitive data

Prioritization:

Highest priority: Long-lived secrets
High priority: VPN, internal communication
Medium priority: Web TLS
Lower priority: Symmetric crypto (AES sufficient)

Phase 3: Strategy (Month 4)

Options:

Strategy	Description	When Suitable
Wait	No action now	Low sensitivity
Hybrid	Classical + PQC parallel	Medium sensitivity
PQC-first	Fastest possible migration	High sensitivity

Recommendation for most enterprises:

Hybrid approaches as transition
Prioritize critical systems
Roadmap for complete migration

Phase 4: Pilot Projects (Month 5-8)

Recommended pilots:

TLS with Kyber:
- Migrate web server to PQC-TLS
- Use Cloudflare or AWS CloudFront
- Measure performance
VPN with PQC:
- Test environment with PQC-VPN
- WireGuard with PQ extension
- Test latency and stability
Internal Signatures:
- Code signing with Dilithium
- Test document signatures
- Check workflow compatibility

Phase 5: Rollout (Month 9-24)

Migration roadmap:

2026: Inventory, strategy, first pilots
2027: Hybrid TLS implementation, VPN migration
2028: Plan PKI renewal, signature migration
2029: Full PQC capability for critical systems
2030: Complete main migration

Technical Implementation

TLS with Kyber (ML-KEM)

Nginx configuration (example):

ssl_protocols TLSv1.3;
ssl_ecdh_curve X25519Kyber768Draft00:X25519:secp384r1;

OpenSSL 3.2+ supports:

Kyber512, Kyber768, Kyber1024
Hybrid variants

VPN with PQC

WireGuard + PQ:

Rosenpass project for WireGuard
Hybrid key exchange

Commercial options:

Cloudflare WARP (experimental)
Tailscale (in development)

Code Signing

First steps:

Test environment with Dilithium
Parallel signatures (classical + PQC)
Build verification infrastructure

Costs and Resources

Typical Efforts

Measure	Effort	Cost
Crypto inventory	2-4 weeks	€10,000-30,000
Risk assessment	1-2 weeks	€5,000-15,000
TLS pilot	1 week	€5,000-10,000
VPN migration	2-4 weeks	€15,000-50,000
PKI renewal	2-6 months	€50,000-200,000

Resource Requirements

Skills:

Cryptography fundamentals
PKI expertise
Network security

External support:

Recommended for inventory and strategy
Specialists for PKI migration
Penetration testing after migration

FAQ: Frequently Asked Questions

"Do we need to act NOW?"

Answer: Depends on data sensitivity and lifespan.

State secrets: Yes, immediately
Trade secrets: Within 2 years
Standard business: Create roadmap, implement 2027-2028

"Is AES-256 still secure?"

Answer: Yes. Symmetric cryptography is less affected.

AES-256 provides ~128-bit security against quantum attacks (Grover's algorithm)
That's still very strong
Focus on asymmetric crypto (RSA, ECC)

"Will our TLS connections become insecure?"

Answer: Not immediately, but...

Currently intercepted traffic could be decrypted later
"Harvest now, decrypt later" is real
Perfect Forward Secrecy helps, but session keys are also vulnerable

"What about blockchain/Bitcoin?"

Answer: Also affected.

ECDSA signatures can be broken
Public keys = attack target
Bitcoin community working on solutions

"Can we wait for vendor updates?"

Answer: Partially.

Large vendors (Microsoft, Google, AWS) will update
But: Your own PKI, legacy systems, custom software need active migration
Inventory and planning is YOUR job

Checklist: PQC Readiness

Immediately

Start crypto inventory
Data classification (lifespan)
Awareness with management

Short-term (6 months)

Complete risk assessment
Create roadmap
Plan budget
First pilots

Medium-term (12-24 months)

Hybrid TLS implementation
Evaluate VPN migration
Plan PKI renewal
Signature strategy

Long-term (2027+)

Complete migration
Replace legacy systems
Continuous monitoring
Follow standards updates

Conclusion

Post-quantum cryptography is not panic, but also not "tomorrow's problem." The right time to plan is NOW.

The three most important steps:

Know what you have – Crypto inventory
Understand what's critical – Evaluate data lifespan
Create roadmap – Not everything at once, but planned

Need support with PQC planning? We help with inventory, risk assessment, and migration roadmap. Get in touch

Post-Quantum Cryptography: When Must Enterprises Act?

The Quantum Computer Problem

What Quantum Computers Can (Will) Do

What This Means

The Timeline

Post-Quantum Cryptography (PQC)

What Is PQC?

NIST Standards (Finalized 2024)

Advantages and Challenges

Where PQC Is Relevant

Area 1: TLS/HTTPS

Area 2: VPN & Network

Area 3: Email Encryption

Area 4: Digital Signatures

Area 5: PKI & Certificates

The PQC Migration Plan

Phase 1: Inventory (Month 1-2)

Phase 2: Risk Assessment (Month 3)

Phase 3: Strategy (Month 4)

Phase 4: Pilot Projects (Month 5-8)

Phase 5: Rollout (Month 9-24)

Technical Implementation

TLS with Kyber (ML-KEM)

VPN with PQC

Code Signing

Costs and Resources

Typical Efforts

Resource Requirements

FAQ: Frequently Asked Questions

"Do we need to act NOW?"

"Is AES-256 still secure?"

"Will our TLS connections become insecure?"

"What about blockchain/Bitcoin?"

"Can we wait for vendor updates?"

Checklist: PQC Readiness

Immediately

Short-term (6 months)

Medium-term (12-24 months)

Long-term (2027+)

Conclusion

Related Articles

Automation for Businesses: Where to Begin?

Dark Patterns: Why Manipulative Design Works – And How to Do Better

Have a similar project?