China is promoting the deep integration of new technologies and the transportation industry, and steadily developing the intelligent networked vehicle industry. Defects or loopholes in any link in the software supply chain, on-board local services, cloud services, and mobile applications may affect user security. The entire industry chain needs to plan the security of the Internet of Vehicles from the underlying security architecture and the security of the platform itself. More importantly, there are standards to follow to ensure that the entire industry is moving in a correct and high-quality development direction.
Synopsys was invited to participate in the 10th Internet Security Conference (ISC 2022) and delivered a keynote speech at the Internet of Vehicles Security Innovation and Development Forum held on August 1, focusing on Internet of Vehicles software security and discussing how to promote intelligent networked vehicles Industrial innovation.
ISC 2022 will be held in Beijing from July 30 to August 2. The conference is organized by the Internet Society of China, China Cyberspace Security Association, China Academy of Information and Communications Technology, China Small and Medium Enterprises Association, China Enterprise Confederation, All-China Federation of Industry and Commerce Big Data Operation and Maintenance (Cyber Security) Committee, China Communications Enterprise Association, China Software Industry Association Co-hosted by , China Entrepreneurs Association and 360 Internet Security Center, it is a high-profile, wide-ranging and far-reaching security summit in the Asia-Pacific region and even the world. The theme of ISC 2022 is “escorting digital civilization and creating a new era of digital security”.
Xu Yan, Senior Security Architect at SynopsysWith the theme of “Safety Compliance Testing in the Era of Software-Defined Vehicles”, he shared insights into the trends of software-defined vehicles and safety compliance testing solutions and practices. He hoped to work with the industry to promote industrial innovation and build a strong security barrier for the Internet of Vehicles.
Xu Yan pointed out: “Software capabilities and user experience will become one of the core competitiveness of future car companies. The stronger and safer the software capabilities, the higher the revenue share of smart car companies is expected to be. Therefore, in the intelligent networked car Building software reliability and security is critical. Defects and vulnerabilities in coding, testing, and open source usage are the main reasons for security issues in automotive software today. The connected car industry needs to strengthen every step of the software development life cycle (SDLC). The state of software security across stages and across the software supply chain.”
No rules no standards. Only with the formulation of corresponding laws, regulations and standards, can the development of an industry be stable and far-reaching. ICV is the combination of artificial intelligence and traditional industries. China has listed it as a core competitiveness improvement project for the manufacturing industry in the 14th Five-Year Plan. Construction Guidelines, and is accelerating the pilot program of access management for intelligent networked vehicles. Globally, many important international industry regulations have been issued, such as ISO/SAE 21434 “Road vehicles – Cybersecurity engineering”. ISO/SAE 21434 defines a cybersecurity process requirement and a framework for cybersecurity risk management for the full life cycle of a vehicle product.
Synopsys believes that in order to meet the requirements of the ISO/SAE 21434 standard, smart car companies need to do at least the following five points:
1. Threat Analysis and Risk Assessment (TARA, Threat Analysis and Risk Assessment). Assess risk and threat through a combination of impact and attack feasibility levels;
2. Static code analysis. Help development and security teams address security and quality defects early in the SDLC, track and manage risk across the application portfolio, and ensure compliance with security and coding standards;
3. Open source software management. The Open Source Security and Risk Analysis 2022 report (OSSRA) shows that open source is used in up to 97% of the codebases scanned in the aerospace, automotive, transportation and logistics industries. Smart car companies need to manage the security, quality and license compliance risks associated with the use of open source and third-party code in applications and containers;
4. Internal security testing. Enterprises need to use automated tools for developers, test teams, security teams, such as vulnerability scanning tools, fuzzing tools, etc., and make full use of these tools;
5. Penetration testing. Executed in the later stage of R&D comparison, exploratory risk analysis and business logic testing are carried out to identify major business vulnerabilities and reduce the risk of information leakage.
In addition, Synopsys has always emphasized that security is a process, not a product. For the cybersecurity field, challenges arise from constantly evolving threats. Enterprise security teams need a work-driven model of continuous improvement. Synopsys has always supported enterprises to manage application security to build trusted software. The Building Security In Maturity Model (BSIMM, the Building Security In Maturity Model) is one of the best security practice models in the industry and has been developed by Synopsys and the BSIMM community since 2008. Smart car companies can measure and create product-related safety activities based on real data. In addition to BSIMM assessment, Synopsys also provides security testing solutions covering the software development life cycle, including Coverity static application security testing and Black Duck software composition analysis.
Yang Guoliang, Technical Director of Software Application Security at Synopsys ChinaIn conclusion: “China is promoting the integration and development of various emerging industries, among which intelligent and connected vehicles are becoming the key focus of the new round of emerging industries. ‘Intelligence’ and ‘security’ need to always go hand in hand. Rely on safe and trusted software , the Internet of Vehicles can go further and more steadily. Traditional industries need to be further innovated, and efforts should be made to build a credible security ecosystem and escort the high-quality development of the Internet of Vehicles industry. Of course, in addition to the support of policies and other aspects, the construction of Internet of Vehicles security, It is even more inseparable from the help of software security companies. Synopsys will continue to help automakers and related enterprises in the Internet of Vehicles industry chain to more effectively respond to new challenges in automotive security and compliance, and solve software security problems encountered in digital transformation. Fasten your ‘seat belt’ firmly for the connected car.”
—————————————
(The market is risky, and investment transactions should be cautious. No recommendation is made for the subject matter involved, and investment transactions based on this are at your own risk.)Return to Sohu, see more
Editor:
Disclaimer: The opinions of this article only represent the author himself, Sohu is an information publishing platform, and Sohu only provides information storage space services.