SLJackson

Source Code Security

5 posts in this topic

I know most of the major players like Rockwell and Siemens have security for code that goes beyond the password protection of the controller. My question is this: Is anyone using any type of encryption that might be able to protect source code for HMI and PLC from multiple different manufacturers? My company is an OEM and this has recently come up in our internal discussions. I just wanted to see if anyone had any ideas here. Thanks in advance.

Share this post


Link to post
Share on other sites

I know of no source encryption system that is vendor agnostic.

I specifically insist in all our RFQ's that we the end customer will be able to read and monitor the plc logic for troubleshooting.

Black Box encryption of source is a deal breaker for my end customer firm.

1 person likes this

Share this post


Link to post
Share on other sites

Like BobLfoot, we maintain our own equipment and require access to all code and logic. 

In design reviews, we have encountered many OEMs that use Beckoff or B&R. These devices seem to be centered around proprietary systems.

Share this post


Link to post
Share on other sites

Another end user here who insists on access to the source. We have a bunch of machines here (they started buying them before my time) that have Beckhoff PCs and the OEM's custom HMI software. We're locked in to their stuff and can't do much with them. We have another machine builder now who's also using Beckhoff but who has agreed that we will have full ownership of and access to the source code.

I kind of understand the impetus as an OEM, but if you lock your code, that's a hard "no" from me. If I have any say in it at all, we won't buy it. I've run into too many machines with locked code and an OEM who was out of business or who had abandoned that product line so we couldn't support it and they wouldn't.

The only encryption I would even be a little bit ok with is if it was temporary until the last payment was received and even that would only be if the OEM provided full (free) support during that period. That, of course, would have to be negotiated ahead of time.

Share this post


Link to post
Share on other sites

All of the PLC and HMI code I deliver is unlocked.  As is 90% of my SCADA work.

I have a handful of generic SCADA plugins that I sell as products.  The source code will be delivered over my dead body.  That is, my heirs have instructions to sell that IP to an entity that wishes to maintain it, and/or to the users.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now