Siemens Healthineers


CUSTOMER STORY

SIEMENS HEALTHINEERS ACCELERATES APPLICATION DEVELOPMENT SECURELY WITH CHECKMARX

Leading Medical Equipment and Supplies Manufacturer Improves Quality and Speed of AppSec Testing Using Checkmarx Static Application Security Testing (SAST)
Siemens Healthineers provides advanced medical devices and software that support clinical decision-making and treatment pathways. In doing so, this MedTech pioneer helps healthcare professionals deliver high-quality care, leading to the best possible outcomes for patients. The company is headquartered in Germany, employs more than 66,000 professionals in more than 3,200 subsidiaries around the globe, and generates more than $21 billion in sales (USD) annually.

We’re a global team and our primary focus is to ensure that the development lifecycle is secure and that we’re performing security testing. Safety is a part of quality, and we feel strongly that security is part of quality as well. To help us do that, we’ve used Checkmarx Static Application Security Testing (SAST) since 2017. This solution provides us data we’ve never had before, much earlier in the application development process.

~Terezia Mezesova, Head of Secure Development Support, Siemens Healthineers

THE NEED

Deliver Safe, Secure Software to Run and Support Medical Devices

The Siemens Healthineers cybersecurity team is responsible for testing the security of software that runs the devices as well as the apps that support them, such as desktop web applications that healthcare staff can log into.

Before Checkmarx, the company relied on penetration testing (pen testing) to find vulnerabilities and noticed a fair number of code-related vulnerabilities in their internally developed applications. They realized that the static code checkers they were using were simply not focused enough on security.

“While we had internal guidelines on how to develop software securely, we wanted to get a better baseline of what secure code looked like and found that the tools we were using at the time weren’t that helpful,” said Terezia Mezesova, Head of Secure Development Support at Siemens Healthineers.

THE SOLUTION

Checkmarx Static Application Security Testing

The company chose Checkmarx SAST for its highly accurate static code analysis, flexibility to run full and incremental scans as needed, comprehensive vulnerability reports, and ability to be deployed on-premises, in the cloud, or in hybrid environments.

THE BOTTOM LINE

Fast and Comprehensive Scan Results and More Secure Software

Siemens Healthineers is now able to find vulnerabilities much earlier in the development lifecycle, when it is still possible to make changes, to ensure that the applications powering and supporting the company’s medical devices are as safe and secure as possible.

The company uses Checkmarx SAST as a first security check of the code and is able to provide data they didn’t have before when they were only pen testing. Checkmarx SAST also accelerates time to remediation, enabling developers to fix multiple vulnerabilities at a single point in the code, using the solution’s unique “Best Fix Location” guidance.

Additionally, Checkmarx SAST gives Siemens Healthineers a complete understanding of root causes of identified vulnerabilities.

For the source code analysis, one of the biggest advantages of Checkmarx is that it is super easy to set up a project. We didn’t need to change the structure of the repository. We could literally take the repository as a whole and run the scan on it. The fact that uncompiled code can be scanned is a huge benefit.

~Terezia Mezesova, Head of Secure Development Support, Siemens Healthineers

WHY CUSTOMER CHOSE CHECKMARX

The company turned to Checkmarx for a proof-of-concept (PoC) of its SAST solution, and then compared the results of the PoC with results from previous tools. “We quickly came to the conclusion that this is what we wanted for use during software development, pre-production,” Mezesova noted.

The on-premises deployability of Checkmarx SAST was particularly important to Siemens Healthineers because medical devices are part of a highly regulated industry that’s not particularly amenable to a SaaS model.

“To get the ball rolling, we partnered with the security group that already had great relationships with the development team,” Mezesova recalled. “We ran a couple of awareness campaigns to show how static analysis could identify vulnerabilities earlier in the development cycle to save the pen testers time and make more efficient use of the testing budget.”

THE MAJORITY OF PROJECTS SCANNED WEEKLY

