Security for Windchill Extensions

Author: Gaston Fernandez
Title: Security Statement for the Windchill Extension Project
Description: The purpose of this document is to describe at a high level the security features and procedures
Created: 4th Sept 2019
Updated: 1st Sept 2021
Approved by: Simon Heath
Version: 1.1
State: Released


Windchill Extensions introduce new software assets into existing Windchill systems. Any software introduces potential security risks, and we treat mitigating this risk as a top priority. This article covers:

  • The scope and potential impact of vulnerabilities
  • The response and resolution to these potential vulnerabilities

Security Vulnerability Alerts

About Vulnerabilities

A vulnerability is a problem in the software code that could be exploited to damage the confidentiality, integrity, or availability of the product or other products that use its code. All software may have potential security vulnerabilities and these may be discovered after the software is delivered to the client.

Alerts and Communication

We have a documented policy to issue customer alerts when a vulnerability is found:

  1. Identify the vulnerability and create a complete online description of the vulnerability, with a unique ID
  2. Send a communication to all users that are known to have downloaded any affected software*
  3. In the case of a critical or high level, a clear warning is placed on the Windchill Extension. PTC also issues a warning

*Appropriate communications will be sent to users affected by the potential vulnerability, irrespective of whether they opted in or out of the notifications in the Windchill Extension Center.

Security Levels

The severity level is one of four possible levels defined in the Common Vulnerability Scoring System (CVSS), Section 2.1.2:

  • Low
  • Moderate
  • High
  • Critical

Technical Security Infrastructure

General Architecture

Security is designed into the system. The code delivered is held within the Windchill system and protected by Windchill’s own security mechanism. The code (with the exception of the kernel) is held in an isolated classloader, meaning that it exposes, even to Windchill, a very small number of features (APIs). All other APIs are inaccessible to external code or external access.

Digital Signing

All software of the Windchill Extension system is both obfuscated and digitally signed. This is to prevent the reverse engineering of any software, and also to prevent unauthorized software being added to the system. The kernel executes code on the Windchill system, and this code must be signed for the kernel to execute it. The signing is done during download from the Windchill Extension Center and uses a high level of encryption to ensure no unauthorized software may be executed. This protection is in addition to the fact that Windchill Extensions may only be loaded by an authorized Windchill administrator.

Open Source and 3rd Party Software

The Windchill Extension Platform does use Open Source and 3rd Party libraries. The exact version and use of these libraries is available to the system administrator via the Windchill Extension Manager. Each use of this software is approved and reviewed by the senior technical team and a full security audit is performed. Moreover, due to the unique code isolation practices used by the Windchill Extension platform, this software is fully contained within the extension and has no (known) interface visible to the external system.

As and when vulnerabilities are reported on 3rd party software, these are reviewed. An impact assessment is made to verify if the vulnerability may have an effect on any Windchill Extension.

Open Source libraries are also used in the User Interface, and these are protected by standard browser security mechanisms.

The only software that is visible to Windchill itself is the extension platform kernel. This does not use any 3rd party or open source software.

External Software Entry Points

The majority of the extension’s code is contained and not available to external actors. However, the extension may expose an accessible “feature”. These features are defined as:

  • API features
  • UI features
  • Command Lines
  • WebServices or Rest interfaces

Data Protection and System Security

The internal systems used for development are protected by standard security practices. All data is stored and protected following the GDPR guidelines.

No user passwords or security details are persisted (including in encrypted form) within the Windchill Extension Center, including in system logs and files. This data is not accessible to any controller or administrator of the system.

The following user data is persisted and is available to the data controller:

  • Name
  • email
  • PTC Client ID
  • Client Name
  • Last login
  • Roles (Specific to the center)
  • Email opt in

All Wincom employees who have the role of data controller have signed an NDA to ensure they are aware of their legal responsibilities to prevent data breaches.

Any breach of security resulting in data loss will be immediately communicated to all parties concerned.

Development and Deployment Practices

Developer Training and Practices

All Windchill Extension developers are trained on security practices to be used while developing code. These include common potential security flaws and specific high-risk practices when using the Windchill API. In the code, developers declare external features identified by the kernel. These declarations ensure that the security tests can easily identify these points of entry.

Testing Practices

Before release, all code is reviewed and scanned for security issues.

Testing plans specifically identify risk points. These risk points have test use cases specifically identified and executed. All features are tested and reviewed for potential vulnerabilities.

Article details:
Published date: 08/09/2019 8:00AM
Last updated: 07/11/2021 9:05AM