{"id":140,"date":"2020-02-28T13:31:00","date_gmt":"2020-02-28T18:31:00","guid":{"rendered":"https:\/\/blogs.sw.siemens.com\/ee-systems\/?p=140"},"modified":"2026-03-26T13:41:19","modified_gmt":"2026-03-26T17:41:19","slug":"ensuring-the-security-of-engineering-software","status":"publish","type":"post","link":"https:\/\/blogs.sw.siemens.com\/ee-systems\/2020\/02\/28\/ensuring-the-security-of-engineering-software\/","title":{"rendered":"Ensuring the security of engineering software"},"content":{"rendered":"\n<p>Commercial organizations and government agencies are common targets of cyber-attacks due to the valuable information they possess. In one dramatic <a href=\"https:\/\/arstechnica.com\/information-technology\/2017\/10\/australian-defense-firm-was-hacked-and-f-35-data-stolen-dod-confirms\/\" target=\"_blank\" rel=\"noopener\">example<\/a>, information related to the F-35 Joint Strike Fighter, P-8 Poseidon patrol plane, C-130 Hercules cargo plane, Joint Direct Attack Munition (JDAM) bomb, and future Australian Navy ships was exfiltrated from an Australian defense firm in November of 2016 (Figure 1).<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"684\" src=\"https:\/\/blogs.sw.siemens.com\/wp-content\/uploads\/sites\/24\/2020\/02\/Fig-1-F35-Panther-1024x684.jpg\" alt=\"\" class=\"wp-image-131\" srcset=\"https:\/\/blogs.sw.siemens.com\/wp-content\/uploads\/sites\/24\/2020\/02\/Fig-1-F35-Panther-1024x684.jpg 1024w, https:\/\/blogs.sw.siemens.com\/wp-content\/uploads\/sites\/24\/2020\/02\/Fig-1-F35-Panther-300x200.jpg 300w, https:\/\/blogs.sw.siemens.com\/wp-content\/uploads\/sites\/24\/2020\/02\/Fig-1-F35-Panther-768x513.jpg 768w, https:\/\/blogs.sw.siemens.com\/wp-content\/uploads\/sites\/24\/2020\/02\/Fig-1-F35-Panther-1536x1025.jpg 1536w, https:\/\/blogs.sw.siemens.com\/wp-content\/uploads\/sites\/24\/2020\/02\/Fig-1-F35-Panther-2048x1367.jpg 2048w, 
https:\/\/blogs.sw.siemens.com\/wp-content\/uploads\/sites\/24\/2020\/02\/Fig-1-F35-Panther-1110x741.jpg 1110w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption> Figure 1: Information about the F-35 Fighter was stolen in a notable cyber-security breach <\/figcaption><\/figure>\n\n\n\n<p>The\nincreased frequency and severe consequences of cyber-security breaches have\nalarmed large corporations around the world. As a result, companies are taking\ngreater measures to secure their information throughout their supply chains.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Securing Enterprise Software\nSolutions<\/strong><\/h4>\n\n\n\n<p>Preventing\ncyber-security breaches is crucial to a company\u2019s reputation and to the\nsuccessful operation and growth of its business. Manufacturers around the world\nhave conceived and implemented multi-faceted secure software development\nprograms, strengthening cyber-security for all the software they use. These\nprograms place an intense focus on reducing the risk and cost posed by security\nvulnerabilities in third-party software through testing and secure development\npractices. <\/p>\n\n\n\n<p>Security\nteams around the world have observed an evolution in hacking techniques in step\nwith security improvements being implemented. As companies reinforced their own\nnetworks and software, hackers began targeting their supply chains. Supply\nchains tend to provide much larger attack surfaces for hackers because large\ncompanies use a lot of third-party software. In response, companies are\nexpanding their security programs to collaborate specifically with software\nvendors on establishing uniform procedures for software security. <\/p>\n\n\n\n<p>A\ncommon first step is to incorporate a security assessment of the vendor\u2019s\nproducts into the procurement process. 
The results of this assessment can be\ncompiled and supplied to a company\u2019s management to inform their decisions\nduring the procurement process. After establishing a record of clean security\nreports, vendors and their customers will collaboratively evaluate the vendor\u2019s\nsecure software development lifecycle (S-SDLC) process as a whole. In some\ncases, vendors may demonstrate processes that are robust enough to routinely deliver\nproducts that meet security requirements. <\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>The Vendor Perspective<\/strong><\/h4>\n\n\n\n<p>Advanced\nsecurity capabilities are a necessary feature for cutting-edge engineering\nsoftware in today\u2019s market. More and more companies are asking their software\nvendors to perform systematic verification of the security of their software.\nYet, there are important factors for vendors to consider when investing in\nimproved product security. <\/p>\n\n\n\n<p>Security is traditionally a concern of IT or a dedicated security department, not each of the software development teams. Security is also a personnel problem, meaning that HR will be involved to create and host trainings on how to handle data properly (Figure 2). Overall, the push for more secure software will require teams that have not previously worked together to collaborate, creating a need for new processes. Furthermore, enhancing the security of sophisticated software requires a holistic approach. The vendor must add security features, like data encryption or an audit trail, and harden their software by identifying weaknesses in the code and resolving them. 
In sum, a vendor\u2019s decision about investing in product security should be based on the impact that it may have on the sustainable growth of their business.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"683\" src=\"https:\/\/blogs.sw.siemens.com\/wp-content\/uploads\/sites\/24\/2020\/02\/Computer-training-classroom-group-2-Adobe-219378625-1024x683.jpeg\" alt=\"\" class=\"wp-image-130\" srcset=\"https:\/\/blogs.sw.siemens.com\/wp-content\/uploads\/sites\/24\/2020\/02\/Computer-training-classroom-group-2-Adobe-219378625-1024x683.jpeg 1024w, https:\/\/blogs.sw.siemens.com\/wp-content\/uploads\/sites\/24\/2020\/02\/Computer-training-classroom-group-2-Adobe-219378625-300x200.jpeg 300w, https:\/\/blogs.sw.siemens.com\/wp-content\/uploads\/sites\/24\/2020\/02\/Computer-training-classroom-group-2-Adobe-219378625-768x512.jpeg 768w, https:\/\/blogs.sw.siemens.com\/wp-content\/uploads\/sites\/24\/2020\/02\/Computer-training-classroom-group-2-Adobe-219378625-1536x1024.jpeg 1536w, https:\/\/blogs.sw.siemens.com\/wp-content\/uploads\/sites\/24\/2020\/02\/Computer-training-classroom-group-2-Adobe-219378625-2048x1365.jpeg 2048w, https:\/\/blogs.sw.siemens.com\/wp-content\/uploads\/sites\/24\/2020\/02\/Computer-training-classroom-group-2-Adobe-219378625-1110x740.jpeg 1110w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>  Figure 2: A holistic approach to secure development includes training personnel to behave with security in mind. <\/figcaption><\/figure>\n\n\n\n<p><strong>Securing\nthe Enterprise\u2019s Future<\/strong><\/p>\n\n\n\n<p>Today,\ncompanies are investing in the development of robust, comprehensive, and\npowerful safeguards against the numerous cybersecurity threats of the modern\nworld. This is the culmination of the critical observation that cyber-criminals\nbegan targeting not just major corporations, but their supply chains as well. 
As\na result, companies are beginning to work directly with their software partners\nto establish robust and consistent security practices across their supply\nchains.<\/p>\n\n\n\n<p>This\nenhanced focus on security is driving software vendors to adopt new processes\nand approach security from a more holistic perspective. Achieving greater\nsecurity may require previously unrelated teams to collaborate, and an investment\nin new technologies. Vendors that commit to improved security, however, will\ndifferentiate their products by providing better protection to their customers,\nand themselves.<\/p>\n\n\n\n<p>To continue reading, please download our whitepaper <a href=\"https:\/\/www.plm.automation.siemens.com\/global\/en\/topic\/airplane-security\/68693\" target=\"_blank\" rel=\"noopener\">Ensuring the security of engineering software<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Commercial organizations and government agencies are common targets of cyber-attacks due to the valuable information they possess. 
In one dramatic&#8230;<\/p>\n","protected":false},"author":69466,"featured_media":131,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spanish_translation":"","french_translation":"","german_translation":"","italian_translation":"","polish_translation":"","japanese_translation":"","chinese_translation":"","footnotes":""},"categories":[85],"tags":[130,99],"industry":[35,39,37,36,38,41,40],"product":[],"coauthors":[511],"class_list":["post-140","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ebook","tag-cyber-security","tag-electrical-systems-engineering","industry-aerospace-defense","industry-aerospace-defense-agencies","industry-aircraft-airframes","industry-aircraft-engines","industry-avionics-defense-electronics","industry-land-systems","industry-space-systems"],"featured_image_url":"https:\/\/blogs.sw.siemens.com\/wp-content\/uploads\/sites\/24\/2020\/02\/Fig-1-F35-Panther-scaled.jpg","_links":{"self":[{"href":"https:\/\/blogs.sw.siemens.com\/ee-systems\/wp-json\/wp\/v2\/posts\/140","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.sw.siemens.com\/ee-systems\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.sw.siemens.com\/ee-systems\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.sw.siemens.com\/ee-systems\/wp-json\/wp\/v2\/users\/69466"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.sw.siemens.com\/ee-systems\/wp-json\/wp\/v2\/comments?post=140"}],"version-history":[{"count":2,"href":"https:\/\/blogs.sw.siemens.com\/ee-systems\/wp-json\/wp\/v2\/posts\/140\/revisions"}],"predecessor-version":[{"id":142,"href":"https:\/\/blogs.sw.siemens.com\/ee-systems\/wp-json\/wp\/v2\/posts\/140\/revisions\/142"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.sw.siemens.com\/ee-systems\/wp-json\/wp\/v2\/media\/131"}],"wp:attachment":[{"href":"https:\/\/blogs.sw.siemens.com\/ee-syste
ms\/wp-json\/wp\/v2\/media?parent=140"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.sw.siemens.com\/ee-systems\/wp-json\/wp\/v2\/categories?post=140"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.sw.siemens.com\/ee-systems\/wp-json\/wp\/v2\/tags?post=140"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/blogs.sw.siemens.com\/ee-systems\/wp-json\/wp\/v2\/industry?post=140"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/blogs.sw.siemens.com\/ee-systems\/wp-json\/wp\/v2\/product?post=140"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blogs.sw.siemens.com\/ee-systems\/wp-json\/wp\/v2\/coauthors?post=140"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}