| Field | Value |
| --- | --- |
| Author | Gaston Fernandez |
| Title | Security Statement for the Windchill Extension Project |
| Description | The purpose of this document is to describe at a high level the security features and procedures |
| Created | 4th Sept 2019 |
| Updated | 15th January 2025 |
| Approved by | Simon Heath |
| Version | 1.4 |
| State | Released |
Windchill Extensions introduce new software assets into existing Windchill systems. Any software introduces potential security risks, and we mitigate this risk with top priority. This article covers:
A vulnerability is a problem in the software code that could be exploited to damage the confidentiality, integrity, or availability of the product or other products that use its code. All software may have potential security vulnerabilities and these may be discovered after the software is delivered to the client.
We have a documented policy (with the SDLC) to issue customer alerts if a vulnerability is found.
*Appropriate communications will be sent to users affected by the potential vulnerability, irrespective of whether they opted in or out of the notifications in the Windchill Extension Center.
The severity level scope is one of four possible levels defined in the Common Vulnerability Scoring System (CVSS).
Wincom has SLAs, contained in the SDLC, for responding to, validating and resolving vulnerabilities depending on severity.
The response includes identifying the vulnerability and creating a complete online description of the vulnerability, with a unique ID in our tracking system, along with notifying select personnel within Wincom’s Security Team.
Once the vulnerability has been reviewed and a secure solution implemented, the new version of the software is made available for users to download. The security notice is then sent out to users who are known to have downloaded the software, along with a warning on the Windchill Extension Center and PTC’s own site if applicable. Users will be notified to update.
Security is designed into the system. The code delivered is held within the Windchill system and protected by Windchill’s own security mechanism. The code (with the exception of the kernel) is held in an isolated classloader, meaning that it exposes, even to Windchill, a very small number of features (APIs). All other APIs are inaccessible to external code.
All software of the Windchill Extension system is both obfuscated and digitally signed. This is to prevent the reverse engineering of any software, and also to prevent unauthorized software being added to the system. The kernel executes code on the Windchill system. This code must be signed for the kernel to execute the software. The signing is done during download from the Windchill Extension Center and uses a high level of encryption to ensure no unauthorized software may be executed. This protection is in addition to the fact that Windchill Extensions may only be loaded by an authorized Windchill administrator.
The Windchill Extension Platform does use Open Source and 3rd Party libraries. The exact version and use of these libraries is available to the system administrator via the Windchill Extension Manager. Each use of this software is approved and reviewed by the senior technical team and a full security audit is performed. Moreover, due to the unique code isolation practices used by the Windchill Extension platform, this software is fully contained within the extension and has no (known) interface visible to the external system.
As and when vulnerabilities are reported on 3rd party software, these are reviewed. An impact assessment is made to verify if the vulnerability may have an effect on any Windchill Extension. An automatic scan of all libraries is done every 2 weeks. Open Source libraries are also used in the User Interface and are also included in the scans.
The only software that is visible to Windchill itself is the extension platform kernel. This does not use any 3rd party or open source software.
The majority of the extension’s code is contained and not available to external actors. However, the extension may expose an accessible “feature”. These features are defined as:
The internal systems used for development are protected by standard security practices. All data is stored and protected following the GDPR guidelines.
No user passwords or security details are persisted (including in encrypted form) within the Windchill Extension Center, including system logs and files. This data is not accessible to any controller or administrator of the system.
The following user data is persisted and is available to the data controller:
All Wincom employees who have the role of data controller have signed an NDA to ensure they are aware of their legal responsibilities to prevent data breaches. They are fully informed of, and work to, the standards defined in the Wincom SDLC, which is fully reviewed and approved.
Any breach of security resulting in data loss will be immediately communicated to all parties concerned.
All Windchill Extension developers are trained on security practices to be used while developing code. These include common potential security flaws and specific high-risk practices when using the Windchill API. In the code, developers declare external features identified by the kernel. These declarations ensure that the security tests can easily identify these points of entry.
The test plans are created for risk points. They have test use cases that are identified and executed. All features are tested and reviewed for potential vulnerabilities.