Fabrice Derepas, CEO TrustInSoft, discusses how the company’s analysis technology addresses today’s automotive software development quandaries
What R&D challenges does TrustInSoft currently face?
The rapid growth and mainstream acceptance of EVs, and the associated connectivity infrastructure changes taking place alongside that transformation, are having a profound effect on the automotive software industry at large and its testing technology. The increasingly heavy reliance on software to enable these advances introduces a number of challenges to manufacturers and suppliers – but an even greater number of opportunities for companies like TrustInSoft.
From your perspective, will the demand for electric-powered solutions in terms of mobility outpace traditional growth in the automotive sector? If so, how soon, and what parts of the multiple automotive sectors (suppliers, manufacturers, service and testing) are most likely to be directly affected first?
Software is growing in complexity. The safety and security concerns that apply to a wide range of automotive applications, where safety is of paramount importance, are driving the need for more testing. It is vital to address safety concerns and to overcome and prevent security breaches in source code creation and subsequent testing. This is hugely important for most applications, but it is critically important for advances in automotive software, where lives can be put at risk by flawed coding. The problem is that, without technology like TrustInSoft Analyzer, those flaws can be difficult and time-consuming to detect and resolve.
The issue is best resolved at the very beginning of the software development process, for instance, before it gets anywhere near being installed in a vehicle that is either digitally connected, autonomous or fully or partially controlled by a human being.
The increase in electrically driven components has driven increased levels of software sophistication and complexity. How does a company like TrustInSoft help to minimize anxiety about ensuring that such software applications are not only fit for purpose but are able to deliver safe and reliable performance every time?
The TrustInSoft Analyzer provides a unique solution with no false negatives and up to no false positives, or very few compared to traditional testing methods at more advanced testing levels. It provides formal, verifiable proof of the absence of memory safety vulnerabilities that could cause autonomous vehicles to behave unpredictably and dangerously. These memory safety vulnerabilities* are cybersecurity issues that can enable hackers to perform arbitrary code execution that can easily lead to safety issues.
However, by using formal methods, TrustInSoft Analyzer can test for these dangerous memory safety vulnerabilities and provide indisputable assurance of their absence, enabling input generalization that tests for the equivalent of an infinite number of possibilities quickly, saving time and money without sacrificing safety or quality.
*(TrustInSoft can detect all memory safety vulnerabilities known as undefined behaviors. Note: This is the terminology used in the C/C++ language standards for coding errors that include all memory safety vulnerabilities.)
There is a notable global skills shortage affecting traditional automotive manufacturing. Is this likely to spill over into the software domain, or is the software sector a net beneficiary by receiving those who increasingly prefer to work with their brains rather than their elbows?
As in many other industries around the world today, the entire embedded software sector is suffering from a skills shortage, and the automotive software sector is no exception. That’s why key operatives in the auto software industry need solutions that will make their software development lifecycle more efficient. There is an unquenchable thirst for more, and better, software. The volume and complexity of the demand are increasing at a time when a global skills shortage is slowing productivity.
The impact of the skills shortage is especially important as vehicles become more software dependent. TrustInSoft’s solutions are now even more crucial to ensuring the safety and security of the software that operates these vehicles, thereby accelerating the development cycle by ensuring that the software is free of memory safety vulnerabilities very early in the development process. This helps to ensure TrustInSoft’s position as a trusted, sought-after and valuable partner in the automotive industry’s ongoing evolution.
What can automotive companies do in the software realm to ensure they not only comply with regulatory controls but can meet – or exceed – new, even stricter, standards in the future? What can TrustInSoft offer that will mitigate or eliminate those concerns by ensuring, if not guaranteeing, compliance?
TrustInSoft brings a unique depth in analysis and bug identification vs. other traditional testing techniques. The capability for critical applications to bring mathematical proof of the absence of UBs can be the difference between success and failure.
It should be noted that TrustInSoft Analyzer is ISO 26262 (Road vehicles – Functional safety) qualified by TÜV Süd for all ASIL levels, thus helping software developers demonstrate that their software complies with ISO 26262 requirements and ensure that the automotive systems they design stay secure.
Regarding ISO 21434 (Road vehicles – Cybersecurity engineering), TrustInSoft Analyzer has the ability to identify memory safety vulnerabilities classified as key issues in software in the CWE Top 25 list. These vulnerabilities represent 70% of the issues in the CWE Top 25 list. The active confirmation that all those issues have been identified enables automotive manufacturers to ensure the cybersecurity of their software at the source code level.
Now software providers are more and more responsible not only for software quality when delivered but for the whole lifecycle of the car, and thanks to TrustInSoft they can have peace of mind that no bugs lie dormant in their software and could reveal themselves later in the field.
TrustInSoft has established itself as a respected pioneer in developing new software analysis tools for this industry and others. With so much growth in so many areas of electrification and, by default, software application, what’s in the future for TrustInSoft?
As TrustInSoft continues to grow alongside the automotive sector, the company’s plan is to address new languages and work to integrate deeper into early validation and verification processes by integrating with other tool providers and working with them to jointly adapt to specific and emerging automotive environments. One example is TrustInSoft’s close working relationship with the AUTomotive Open System ARchitecture (AUTOSAR) development actors.
TrustInSoft’s future is firmly grounded in the power of formal methods applied through exhaustive static analysis, which provides unmatched depth and mathematical precision while retaining the highest degree of software usability. We will continue to develop and refine our approach to software testing and turn the task of software testing, which is often seen as a time-consuming and costly activity, into a demonstrable business advantage thanks to the power of formal methods due to its strong emphasis on security and consumer safety.