Automotive organizations should follow best practices and establish cybersecurity policies and processes based on, for example, ISO/SAE 21434, including deploying appropriate application security testing tools to establish a secure software development life cycle.
Focusing on project-level activities, a threat analysis and risk assessment should be performed to identify critical risks in the product. During product development, the software should be tested for security vulnerabilities. Static application security testing (SAST) should be performed to detect issues in the source code. Moreover, software composition analysis (SCA) should be performed to detect vulnerable open source software components in commonly used libraries such as communication libraries or crypto libraries. Fuzz testing should be performed on the high-risk wireless and wired interfaces to detect implementation issues and security vulnerabilities. Furthermore, dynamic application security testing (DAST) and penetration testing should be performed on software in the ecosystem, such as web apps and mobile apps.
Upcoming blog posts will provide detailed examples, specifically for SDVs, EVs, and connected and autonomous vehicles.