Security evaluation of software is becoming increasingly common in large enterprises, which want to ensure that they can trust the software and secure the data it processes. But besides the common source code reviews, pentests and fuzzing tests, it is still hard to rate the security of closed-source software without reverse engineering it. This talk will introduce some ideas for rating such software in an almost automated way, using the right tools and based on some quality metrics and other facts about the binary. It will also give some advice on how to implement the concept in the enterprise.