Skip to Content


Focus on your business and customer relationships, while knowing that your data is safe and reliable. With a proactive, predictive approach, SAP helps ensure compliance and data security in the cloud and within an on-premise data center.
Previous Next

Product Security

Our processes, guidelines, tools, and training help keep security integral to product architecture, design, and implementation.


Preventative controls and measures guard data from security breaches with threat detection and continuous monitoring and response.

Data Center Security

Continuous technology and infrastructure testing helps ensure that the data center is running smoothly around the clock.

Security in the Digital Economy

What are Meltdown and Spectre?

Technically, Spectre and Meltdown are different variations of the same architectural vulnerability that affects nearly every computer chip manufactured in the last 20 years. It could, if exploited, allow attackers to get access to data previously considered protected. Security researchers have published information about these vulnerabilities in early 2018.

Previous Next

Vulnerability variants

Each variant was given its own CVE number: Variant 1–Spectre CVE-2017-5753; Variant 2–Spectre CVE-2017-5715; Variant 3–Meltdown CVE-2017-5754; Variant 3a–Spectre NG CVE-2018-3640; Variant 4–Spectre NG CVE-2018-3639. All of these vulnerability variants may be exploited to read confidential data such as CPU or Kernel memory. The criticality and exploitability varies between the different variants.

Are SAP systems affected?

SAP has thoroughly investigated the impact of these vulnerabilities and is closely aligning with corresponding vendors, providers, and the Open Source community. SAP Security and SAP Operations are working on investigating if where and how our platforms, databases, application and cloud operations are affected. 

Taking a proactive approach

We are fixing potential flaws derived from Spectre and Meltdown without undue delay. As a consumer of affected software and hardware, we largely depend on the availability of patches provided by respective vendors, providers or the open source community. The schedule of applying appropriate patches is to a large extent determined by their availability. 

Recommendation to customers

SAP recommends that all customers carefully monitor and follow the advice on implementing security patches provided by  hardware and operating system providers as soon as they become available. We will ensure that fixes are applied to our cloud infrastructure without undue delay. SAP Global Security is constantly monitoring the situation.

Hear from our Security Experts

Previous Next

SAP Cloud security

One of the critical requirements companies evaluate when considering moving to cloud is the underlying security and trust architecture of the services and products. Listen to this interview with Umit Ozdurmus, Global Head of SAP Managed Security Services.

Cloud Security for the Digital Economy

Listen to Justin Somaini, Chief Security Officer at SAP, as he discusses our security strategy on protecting the confidentiality, integrity, and availability of our customers' information and how we meet the highest security standards to deliver cloud services in a secured environment.

The Future of Enterprise Software Security

Hear Dr. Craig Brown, author of “Untapped Potential,” and Justin Somaini, chief security officer of SAP, discuss how the challenges of enterprise software security will continue to evolve and what your business can do now to be prepared.

Product Security

Cloud application security is extremely important as cyber threats try to identify and exploit vulnerabilities. At SAP, product security is the responsibility of quality management. We cover the complete product code, as well as the key security functions that are necessary to safeguard product use.
Previous Next

A Secure Software Development Lifecycle

Discover the security phases of product development for on-premise or cloud-based use. Look at our framework for integrating security throughout the lifecycle of standard software products from SAP.

Secure Source Code Scanning

Increase the security of your software development efforts. Apply the same automated source code scans that SAP uses to detect and eliminate security flaws at an early stage in the development cycle.

Identity and Access Management

Ease the adoption of cloud applications with end-to-end identity and access management. Learn how businesses that have cloud-heavy deployments are improving processes and security.


Every business expects ironclad information security for its on-premise, cloud, and mobile environments. To meet these expectations, we work continuously to strengthen and improve security features in all of our software and service offerings, while protecting our own company and assets.
Previous Next

Trusted Security

Secure your technology environment with attention to people, processes, and technology. Consider data-center best practices for innovating and operating confidently, while building security into critical systems.

Platform Security

Protect your data by meeting ever-increasing cybersecurity challenges, securing systems, and adhering to compliance and regulatory needs. Determine how breakthrough technologies are driving major trends.

Secure Cloud

Promote data privacy and cybersecurity in the cloud to Run Simple. Learn how SAP Cloud Secure services can help you comply with legislation by increasing transparency into system controls and measures.

Report a Potential Security Issue to SAP

SAP is committed to identifying and addressing every security issue that affects SAP software and cloud solutions. If you want to report a potential security issue, please visit this page.

Frequently Asked Questions

Back to top