On Thursday, Andreas Kuehlmann, Senior Vice President and General Manager for Software Integrity at Synopsys, was one of the speakers at the Future Connected Cars conference in Santa Clara, California.
In his talk, Kuehlmann addressed how automakers can avoid costly recalls or brand damage through a process called “software signoff.” There exists within the hardware domain an established signoff process where a part is tested before it is accepted into the general supply chain. The same is not yet true with software, where up to 90 percent of the software may be sourced from outside an organization. This can include generally accepted open source code and third-party code. Having a procedure to test and audit this code throughout the lifecycle is essential.
Additionally, Kuehlmann talked about self-regulation within the automotive industry. He mentioned a new working group from SAE that supports self-governance. The working group, TEVEES18A1 Cybersecurity Assurance Testing Task Force, is led by Mike Ahmadi, Director of Critical Systems Security at Synopsys.
Future Connected Cars was held alongside this year’s Internet of Things World and Apps World at the Santa Clara, California, convention center. A sister event, Connected Cars 2016, will be held June 28 – 30 at the Olympia Grand in London.
Earlier in the day, Chris Clark, Principal Security Engineer for Global Solutions at Synopsys, demoed the Synopsys Software Integrity Platform to attendees in the exhibit hall.
In a related Code Review podcast, Clark talked with host Robert Vamosi, CISSP and Security Strategist at Synopsys, about software security, the connected car, and the value of cybersecurity evaluation requirements and audits.