This work addresses the challenges of migrating legacy software to post-quantum cryptography (PQC), including probabilistic behavior, side-channel vulnerabilities, and performance–security trade-offs, which existing tools struggle to manage. To this end, the paper introduces a novel paradigm—Quantum-Safe Software Engineering (QSSE)—that frames PQC migration as a systematic software engineering problem. It presents the Automated Quantum-safe Adaptation (AQuA) framework, built upon three technical pillars: PQC-aware static vulnerability detection, semantic-level program refactoring, and hybrid formal verification. Integrated with joint modeling of performance and security, AQuA offers a scalable toolchain architecture that lays the foundation for next-generation software engineering practices oriented toward quantum resilience.

The quantum threat to cybersecurity has accelerated the standardization of Post-Quantum Cryptography (PQC). Migrating legacy software to these quantum-safe algorithms is not a simple library swap, but a new software engineering challenge: existing vulnerability detection, refactoring, and testing tools are not designed for PQC's probabilistic behavior, side-channel sensitivity, and complex performance trade-offs. To address these challenges, this paper outlines a vision for a new class of tools and introduces the Automated Quantum-safe Adaptation (AQuA) framework, with a three-pillar agenda for PQC-aware detection, semantic refactoring, and hybrid verification, thereby motivating Quantum-Safe Software Engineering (QSSE) as a distinct research direction.