wait a second Siemens made a deal to have some software running inside their infrastructure without having the code open right away, that is a major rookie mistake.
Given that this was a spreadsheet it's more likely that someone hired the contractor directly without going through IT. When things were burning and IT was begrudgingly brought in to fix things they weren't predisposed to be kind. No rookies involved. Just the normal corporate IT dynamic where things move too slow so get hacked around with Excel and other kludges and everything works until it doesn't.
The article says that the spreadsheets were protected by a password that the contractor did not initially hand over. So yes, that was a oversight of Siemens.
"Protected" office documents are the rough equivalent of putting up a 'Do Not Enter' sign and are just as trivial to bypass. If anyone had really cared enough to want to see the code, they could have.
well, companies do it all the time when they buy “enterprise” packages. I believe SAP is closed source and it’s the life and blood of most companies’ IT infrastructure.