“Security has to be mandatory for automotive software development”: Page 4 of 4

October 23, 2018 //By Christoph Hammerschmidt
“Security has to be mandatory for automotive software development”
In automotive electronics, there is no safety without security. But how can security be ensured with today's development methods - keywords are agile development, DevOps and massive use of Open Source software? Andreas Kuehlmann, Senior Vice President and General Manager of the Software Integrity Group at development tool provider Synopsys, has the answers to these questions.

Kuehlmann: There is a tension if the organization is not set up properly. You see this very often in organizations where the security team is separate from the development team. Where security is kind of an afterthought, and the security team performs some security testing after the development process. This typically results in a kind race: The development team is ready, features are complete, they are ready to ship. And then the security team comes in: Oh no no, you know, there is a vulnerability, and they do code review and find all kinds of issues. Our experience is: you need to move it to the developer. You need to enable the developer early on to address security issues as they code.

Smart2zero: In a nutshell: The earlier in the process it is discussed and understood, the better is the chance to have a high quality and secure software in the end. And the cheaper it is to find out if there is a kind of vulnerability.

Kuehlmann: Right, right, Exactly right.

 


Vous êtes certain ?

Si vous désactivez les cookies, vous ne pouvez plus naviguer sur le site.

Vous allez être rediriger vers Google.