Siemens Healthineers
CUSTOMER STORY
SIEMENS HEALTHINEERS ACCELERATES APPLICATION DEVELOPMENT SECURELY WITH CHECKMARX

Leading Medical Equipment and Supplies Manufacturer Improves Quality and Speed of AppSec Testing Using Checkmarx Static Application Security Testing (SAST)
“We’re a global team and our primary focus is to ensure that the development lifecycle is secure and that we’re performing security testing. Safety is a part of quality, and we feel strongly that security is part of quality as well. To help us do that, we’ve used Checkmarx Static Application Security Testing (SAST) since 2017. This solution provides us data we’ve never had before, much earlier in the application development process.”
~Terezia Mezesova, Head of Secure Development Support, Siemens Healthineers
THE NEED
Deliver Safe, Secure Software to Run and Support Medical Devices
The Siemens Healthineers cybersecurity team is responsible for testing the security of software that runs the devices as well as the apps that support them, such as desktop web applications that healthcare staff can log into.
Before Checkmarx, the company relied on penetration testing (pen testing) to find vulnerabilities and noticed a fair number of code-related vulnerabilities in their internally developed applications. They realized that the static code checkers they were using were simply not focused enough on security.
“While we had internal guidelines on how to develop software securely, we wanted to get a better baseline of what secure code looked like and found that the tools we were using at the time weren’t that helpful,” said Terezia Mezesova, Head of Secure Development Support at Siemens Healthineers.
THE SOLUTION
Checkmarx Static Application Security Testing
The company chose Checkmarx SAST for its highly accurate static code analysis, flexibility to run full and incremental scans as needed, comprehensive vulnerability reports, and ability to be deployed on-premises, in the cloud, or in hybrid environments.
THE BOTTOM LINE
Fast and Comprehensive Scan Results and More Secure Software
Siemens Healthineers is now able to find vulnerabilities much earlier in the development lifecycle, when it is still possible to make changes, to ensure that the applications powering and supporting the company’s medical devices are as safe and secure as possible.
The company uses Checkmarx SAST as a first security check of the code and is able to provide data they didn’t have before when they were only pen testing. Checkmarx SAST also accelerates time to remediation, enabling developers to fix multiple vulnerabilities at a single point in the code, using the solution’s unique “Best Fix Location” guidance.
Additionally, Checkmarx SAST gives Siemens Healthineers a complete understanding of root causes of identified vulnerabilities.
“For the source code analysis, one of the biggest advantages of Checkmarx is that it is super easy to set up a project. We didn’t need to change the structure of the repository. We could literally take the repository as a whole and run the scan on it. The fact that uncompiled code can be scanned is a huge benefit.”
~Terezia Mezesova, Head of Secure Development Support, Siemens Healthineers
WHY CUSTOMER CHOSE CHECKMARX
The company turned to Checkmarx for a proof-of-concept (PoC) of its SAST solution, and then compared the results of the PoC with results from previous tools. “We quickly came to the conclusion that this is what we wanted for use during software development, pre-production,” Mezesova noted.
The on-premises deployability of Checkmarx SAST was particularly important to Siemens Healthineers because medical devices are part of a highly regulated industry that’s not particularly amenable to a SaaS model.
“To get the ball rolling, we partnered with the security group that already had great relationships with the development team,” Mezesova recalled. “We ran a couple of awareness campaigns to show how static analysis could identify vulnerabilities earlier in the development cycle to save the pen testers time and make more efficient use of the testing budget.”
THE MAJORITY OF PROJECTS SCANNED WEEKLY