Driving Secure Software Development Experience in a Diverse Product Environment
March/April 2012 (vol. 10 no. 2)
pp. 97-101
Siemens' central security team drives secure software development across a diverse product portfolio. From factory automation to wind turbines, Siemens builds security in through activities that include standardizing roles and responsibilities, threat and risk analysis, and product security risk management across Siemens' 15,000 software developers.

Index Terms:
Siemens, secure software development, risk analysis, threat analysis, software engineering
Citation:
Barbara Fichtinger, Frances Paulisch, Peter Panholzer, "Driving Secure Software Development Experience in a Diverse Product Environment," IEEE Security & Privacy, vol. 10, no. 2, pp. 97-101, March-April 2012, doi:10.1109/MSP.2012.35