“Security has to be mandatory for automotive software development”: Page 3 of 4

October 23, 2018 //By Christoph Hammerschmidt
“Security has to be mandatory for automotive software development”
In automotive electronics, there is no safety without security. But how can security be ensured with today's development methods - keywords are agile development, DevOps and massive use of Open Source software? Andreas Kuehlmann, Senior Vice President and General Manager of the Software Integrity Group at development tool provider Synopsys, has the answers to these questions.

Smart2zero: Programmers and IT developers are under pressure to be productive and delivering their results on time. Therefore, the question is: can these software assessments and risk checks be automated?

Kuehlmann: To some degree. But it’s not only related to automotive. Security has to be a mandate from top down. It has to have the same priority as any feature in the software. As soon as you start trading off you get essentially into organizational conflicts, you get into priority conflict, raising the question to either develop all those features or address the security concept. So, first and most importantly, it’s an organizational and a business decision that needs to be done. The second one is putting a software development process in place that is comprised of training the developers: you know, how do you actually write secure codes, how do you have a secure architecture, and a secure design; followed by the designer start, doing architectural risk analysis and making sure that the design is fundamentally secure. This is a manual process, followed in the development process is using automated tools for standard testing as well as dynamic testing that can’t find vulnerabilities as you actually code it and address it in the development process; and followed by rigorous system testing and penetration testing once you release the code and put the system together. So it’s process; it starts by educating the developers, getting the architecture and the design right, all the way to having rigorous testing before you release. And by the way, this is nothing new in the IT world, it has been around in software development since the beginning of its days.

Smart2zero: Then there is always a kind of tension between security and quality?

Vous êtes certain ?

Si vous désactivez les cookies, vous ne pouvez plus naviguer sur le site.

Vous allez être rediriger vers Google.