Automotive Testing Technology International
Industry Opinion

Creating more secure and safer code in modern vehicle design

By Jill Britton, director of compliance, Perforce Software
February 1, 2023
5 Mins Read

While the increasing dependency on software in modern vehicle design is a gateway to incredible innovation, it also brings risks, particularly as vehicles become more connected with traffic infrastructure and other systems. Therefore, more rigor is needed around creating secure and high-quality code, because most software vulnerabilities stem from the development stage and could be exploited by an attacker at a future time.

For instance, a vulnerability could enable the attacker to control steering, disable brakes or access personal information on other connected devices through the vehicle’s operating systems. Examples of vulnerabilities include memory buffer problems, which can lead to the software reading from or writing to locations outside the boundaries of the memory buffer, and code injections, which affect the interpreted environment and most typically impact infotainment and other in-vehicle systems.

In addition, there is an increased use of the Android Open Source Project (AOSP) for development, particularly for infotainment systems. This increased use has massive benefits, giving developers access to a rich set of resources, but can also introduce risks. The 25-30 million lines of code involved add complexity, especially across many communication interfaces, so the potential attack surface is vast. Furthermore, the open-source nature of AOSP means that vulnerabilities are public knowledge, and, as the code is contributed by different developers, not all of them will have considered security (as it has not been a major concern previously). Also, users need to be aware of and use the latest version of a piece of open-source software, which will include fixes for known vulnerabilities.

Other factors affecting security include the trend toward electronic control unit (ECU) consolidation, which, by reducing their number within a vehicle, makes it harder to isolate potential issues. Plus, there is the sheer pressure on software engineering teams to contribute to faster time-to-market, and hence the potential risk of cutting corners.

Taking action
Not that the industry is putting its head in the sand on security. As Perforce’s 2022 State of Automotive Software Development survey of over 600 automotive industry professionals worldwide found, security is one of their top three concerns (alongside safety and quality). Furthermore, the 2021 introduction of ISO 21434, intended to ensure consideration of cybersecurity throughout automotive product development, demonstrates the commitment to security risk mitigation.

Fortunately, well-trodden best practices, already well-established within the automotive sector or in other industries, can all help to mitigate these risks – in particular, the use of coding standards, which is on the rise within the automotive sector as it is a requirement for both ISO 26262 and ISO 21434 compliance.

Coding standards are sets of guidelines or rules to help software developers create safe and secure code. In the same survey, 86% of respondents used at least one coding standard in their software development. Organizations may use a combination of coding standards (including those built in-house) to cover different programming languages and compliance requirements. Widely used coding standards include MISRA C/C++, well-known by and created within the automotive industry, and CERT, developed by the Software Engineering Institute at Carnegie Mellon University.

Compliance with a coding standard requires both time and effort, so static analysis tools are increasingly applied as a way to automate the process of enforcement. These tools inspect all categories of code and binaries without the need to execute them. The aim is to detect vulnerabilities and coding standards violations as early as possible in the development lifecycle, to reduce costs and prevent additional workload downstream. Trends such as ‘Shift Left’ testing, whereby testing takes place earlier in (and throughout) the software development lifecycle, are part of this general movement.

Security-first mindset
Consideration of security in all phases of the software development lifecycle represents a significant change in the traditional software development environment. A ‘security-first’ mindset is encouraged throughout the organization, whereby everyone has a better understanding not just of security risks but also of their role in managing them.

Part of the security process must be to continually consider known and new vulnerabilities which may affect the software. There is a wide array of publicly available resources providing updates, including Common Weakness Enumeration (CWE), maintained by Mitre, which covers vulnerabilities in both software (for various languages and systems) and hardware. Similarly, the Open Web Application Security Project (OWASP) lists the 10 most critical security concerns for web application security. Another helpful resource is the National Vulnerability Database (NVD) from NIST, which lists recently reported open-source software (OSS) vulnerabilities together with a severity and a cross reference to CWE vulnerability types.

For example, the well-publicized Heartbleed bug from 2014 was a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows an attacker to read the memory of the systems ‘protected’ by the vulnerable versions of the OpenSSL software, which is widely used for encrypted communication, including between connected embedded systems (found widely in modern and future-facing cars). The Heartbleed bug made it possible for attackers to compromise the secret codes used to identify the service providers, and to encrypt the information being passed. Consequently, attackers had access to the names and passwords of the users, which enabled them to eavesdrop on communications.

As a result, the Heartbleed bug was registered as CVE-2014-0160 by Mitre and associated with the ‘CWE-126: Buffer Over-read’ vulnerability type. Development of code that is resistant to, or checked for instances of, potential buffer overreads will obviously mitigate this type of risk.
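To make the CWE-126 pattern concrete, the following added example (not from the article and not OpenSSL's code) contrasts a length field that is trusted blindly with the bounds check that rejects it. The record layout, function names and sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified heartbeat-style record (not OpenSSL's structures):
 *   byte 0 = type, bytes 1..2 = claimed payload length (big-endian),
 *   bytes 3.. = payload. rec_len is the number of bytes actually received. */
#define HDR_LEN 3u

/* Unsafe pattern (CWE-126), shown for contrast and never called here:
 * it trusts the length field, so memcpy can read past the end of rec. */
int echo_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    (void)rec_len;                          /* the bug: never consulted */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    memcpy(out, rec + HDR_LEN, claimed);
    return (int)claimed;
}

/* Hardened form: check the claimed length against the bytes received and
 * the reply capacity before copying. Returns bytes copied, or -1 to drop. */
int echo_checked(const uint8_t *rec, size_t rec_len,
                 uint8_t *out, size_t out_cap)
{
    if (rec == NULL || out == NULL || rec_len < HDR_LEN)
        return -1;                          /* no room for a header */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > rec_len - HDR_LEN)
        return -1;                          /* length field exceeds data */
    if (claimed > out_cap)
        return -1;                          /* reply buffer too small */
    memcpy(out, rec + HDR_LEN, claimed);
    return (int)claimed;
}

int main(void)
{
    /* Constructed inputs: an honest record and one whose length field lies. */
    const uint8_t honest[] = {1, 0x00, 0x04, 'p', 'i', 'n', 'g'};
    const uint8_t lying[]  = {1, 0x40, 0x00, 'p', 'i', 'n', 'g'};
    uint8_t reply[64];
    printf("honest: %d\n", echo_checked(honest, sizeof honest, reply, sizeof reply));
    printf("lying:  %d\n", echo_checked(lying, sizeof lying, reply, sizeof reply));
    return 0;
}
```

A static analysis tool enforcing a coding standard such as CERT C would be expected to flag the `memcpy` in `echo_unchecked`, because its size argument comes from untrusted input without validation.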

So, while security remains a significant challenge for the automotive industry, there are multiple techniques, cultural steps and freely available resources on which to draw. And, while security is not just the responsibility of developers, doing as much as possible to improve software as it is being created is a sound starting point.
