As the automotive software development life cycle puts greater focus on cyber security, we’ll see safer, more secure cars on the roads. OEMs and suppliers use static code analysis, software composition analysis, and fuzz testing to identify and remediate vulnerabilities in automotive components during development and testing. But even with the right tools and processes, it’s impossible to eliminate every software vulnerability in a vehicle’s 100 million lines of code before releasing it into the field.
Therefore, it’s important to continue finding and fixing bugs in vehicles after production. During operations and maintenance, detecting and managing new vulnerabilities in automotive components is a high priority. Patching these vulnerabilities means performing secure over-the-air (OTA) updates—and ensuring those updates don’t introduce new vulnerabilities.
This talk will present the current challenges and suggest solutions to securing vehicles during the operations phase.