Author | Gaston Fernandez |
Title | Security Statement for the Windchill Extension Project |
Description | The purpose of this document is to describe at a high level the security features and procedures |
Created | 4th Sept 2019 |
Updated | 1st Sept 2021 |
Approved by | Simon Heath |
Version | 1.1 |
State | Released |
Windchill Extensions introduce new software assets into existing Windchill systems. Any software introduces potential security risks, and we mitigate this risk with top priority. This article covers:
A vulnerability is a problem in the software code that could be exploited to damage the confidentiality, integrity, or availability of the product or other products that use its code. All software may have potential security vulnerabilities and these may be discovered after the software is delivered to the client.
We have a documented policy to issue customer alerts if a vulnerability is found.
*Appropriate communications will be sent to users affected by the potential vulnerability, irrespective of whether they opted in or out of the notifications in the Windchill Extension Center.
The severity level is one of four possible levels defined in the Common Vulnerability Scoring System (CVSS), Section 2.1.2.
Security is designed into the system. The code delivered is held within the Windchill system and protected by Windchill’s own security mechanism. The code (with the exception of the kernel) is held in an isolated classloader, meaning that it exposes, even to Windchill, a very small number of features (APIs). All other APIs are inaccessible to external code and external access.
All software of the Windchill Extension system is both obfuscated and digitally signed. This is to prevent the reverse engineering of any software, and also to prevent unauthorized software being added to the system. The kernel executes code on the Windchill system. This code must be signed for the kernel to execute the software. The signing is done during download from the Windchill Extension Center and uses a high level of encryption to ensure no unauthorized software may be executed. This protection is in addition to the fact that Windchill Extensions may only be loaded by an authorized Windchill administrator.
The Windchill Extension Platform does use Open Source and 3rd Party libraries. The exact version and use of these libraries is available to the system administrator via the Windchill Extension Manager. Each use of this software is approved and reviewed by the senior technical team and a full security audit is performed. Moreover, due to the unique code isolation practices used by the Windchill Extension platform, this software is fully contained within the extension and has no (known) interface visible to the external system.
As and when vulnerabilities are reported in 3rd party software, these are reviewed. An impact assessment is made to determine whether the vulnerability may have an effect on any Windchill Extension.
Open Source libraries are also used in the User Interface, and these are protected by standard browser security mechanisms.
The only software that is visible to Windchill itself is the extension platform kernel. This does not use any 3rd party or open source software.
The majority of the extension’s code is contained and not available to external actors. However, the extension may expose an accessible “feature”. These features are defined as:
The internal systems used for development are protected by standard security practices. All data is stored and protected following the GDPR guidelines.
No user passwords or security details are persisted (including in encrypted form) within the Windchill Extension Center, including system logs and files. This data is not accessible to any controller or administrator of the system.
The following user data is persisted and is available to the data controller:
All Wincom employees who have the role of data controller have signed an NDA to ensure they are aware of their legal responsibilities to prevent data breaches.
Any breach of security resulting in data loss will be immediately communicated to all parties concerned.
All Windchill Extension developers are trained on security practices to be used while developing code. These include common potential security flaws and specific high-risk practices when using the Windchill API. In the code, developers declare external features identified by the kernel. These declarations ensure that the security tests can easily identify these points of entry.
Before release, all code is reviewed and scanned for security issues.
Testing plans specifically identify risk points. These risk points have test use cases specifically identified and executed. All features are tested and reviewed for potential vulnerabilities.