The Community for Technology Leaders
RSS Icon
Issue No.02 - March/April (2012 vol.10)
pp: 97-101
Peter Panholzer , Siemens
Siemens' central security team drives secure software development across a diverse product portfolio. From factory automation to wind turbines, Siemens builds security in by activities including standardizing roles and responsibilities, threat and risk analysis, and product security risk management across Siemens' 15,000 software developers.
Siemens, secure software development, risk analysis, threat analysis, software engineering
Barbara Fichtinger, Frances Paulisch, Peter Panholzer, "Driving Secure Software Development Experience in a Diverse Product Environment", IEEE Security & Privacy, vol.10, no. 2, pp. 97-101, March/April 2012, doi:10.1109/MSP.2012.35
1. Health Insurance Portability and Accountability Act, Public Law No. 104-191, 1996; PLAW-104publ191.htm.
2. American Recovery and Reinvestment Act of 2009, Public Law 111-5, 2009; .
3. "Requirements for Secure Control and Telecommunication Systems," ver 1.0, white paper, Bundesverband der Energie- und Wasserwirtschaft e.V. (German Assoc. of Energy and Water Supply), 2008.
4. Cyber Security—Electronic Security Perimeter(s), North Am. Electric Reliability Corp., standard CIP-005-4a, Jan. 2011;
5. Cyber Security—Systems Security Management, North Am. Electric Reliability Corp., standard CIP-007-4, Jan. 2011;
6. Process Control Domain—Security Requirements for Vendors, WIB report M 2784-X-10, Int'l Instrument Users' Assoc., Oct. 2010.
7. CMMI for Development, ver. 1.3, Software Eng. Inst., Carnegie Mellon Univ., Nov. 2010.
8. Microsoft Security Development Lifecycle (SDL), ver. 5.1, Microsoft, 2011; .
9. F. Paulisch and P. Zimmerer, "A Role-Based Qualification and Certification Program for Software Architects: An Experience Report from Siemens," Proc. 2010 Int'l Conf. Software Eng. (ICSE 10), ACM, 2010, pp. 21–27.
6 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool