Ericsson AB develops platforms to enable network operators to offer services accessible to customers using different devices. These platforms need to be highly secure. Ericsson operates in several countries in Asia, Africa, and South America.

The security team at Ericsson comprises security officers, security experts, and pentesters. Each development team includes a security master—i.e., a developer with additional security training—who supports the rest of the team together with the security experts. Ericsson and BTH collaborated in the past in the area of secure software engineering, performing a study to understand the company’s current security posture.

Ericsson has a keen interest in shifting left its security activities; moreover, the company already employs DevOps and has a strong software quality and testing culture. Participating in the SESAM project is expected to give the company’s developers a method to identify security vulnerabilities earlier, avoiding significant costs due to rework at a later stage. Moreover, the focus on sensible automation is expected to support better decision-making to save on counter-productive security automation efforts. As a by-product, Ericsson expects to obtain an inventory of security-related information sources and third-party dependencies useful besides the project’s scope (e.g., for security certification).

Ericsson participates in joint studies with the other business partners. In particular, the company provides an environment for data collection, resulting in an inventory of sources supporting security quality assurance activities. Together with their security experts, we will develop approaches to augment key practices used within the Ericsson context. Ericsson will provide the required domain and technical expertise, ensuring the project’s outcomes are relevant. Evaluation activities (intermediate and final) will take place at Ericsson.