The road towards better automotive cybersecurity
May 27, 2015
Rogue Wave Accelerate Series, Part 1 of 3
Presenter: Jeff Hildreth, Automotive Account Manager, Rogue Wave Software
© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 2
Agenda
• We’re all saying the same thing
• Wrangling order from chaos
• A holistic approach to cybersecurity
• Take action!
• Q&A
Poll #1
We’re all saying the same thing
“We all clearly created these presentations in a vacuum because we’re all using the same material.”
IQPC Automotive Cyber Security Summit, two months ago
• Develop a specific strategy that fits into what we’re already doing
• Be different
• You have the tools already
Wrangling order from chaos
Look at the data you’re already faced with:
• 1000s of bugs
• HIL failure cases
• Customer defects
• Safety requirements
• Avg. number of security risks: 22.4
How do you handle this information overload?
Security information overload
• Media: news; blogs, social media; conferences
• Standards and legislation: security standards (OWASP, CWE, CERT, etc.); Senator Markey report
• Research: NVD, White Hat, Black Hat
• Requirements: OEMs, internal
• More and more software running inside your car
• Developers don’t know security (80% failed security knowledge survey)
Poll #2
A holistic approach to cybersecurity
Information overload: develop an adaptive threat model
Components of the approach: Threat model; Internal threat metric; External data; Action
Threat model
Threat modelling identifies, quantifies, and addresses security risks by:
1. Understanding the application & environment
2. Identifying & prioritizing threats
3. Determining mitigation actions
Process steps: Identify assets; System overview; Decompose application; Identify threats; Prioritize threats
External data sources
• Standards: Common Weakness Enumeration (MITRE); Open Web Application Security Project (OWASP); CERT (Carnegie Mellon University)
• National governing bodies: CVE database; National Vulnerability Database
• OEM RFP requirements
• Research: White Hat/Black Hat; University studies
• Media
• Development Team
Poll #3
Internal metrics
• Testing: Automated unit tests; Hardware in the Loop (HIL) testing
• Security Team: Penetration tests; Open source scanning
• Software Tools: Static Code Analysis (SCA); Compiler warnings
• Requirements
• Development Team
Developing a Threat Metric
Build score
• Automated and functional testing gives you a pass/fail metric on every run of the test suite
• A metric can be generated from penetration testing based on the number of exploitable paths in your code base
• Software tools give you a count of critical static analysis and compiler warnings
• A metric can be developed based on the presence of snippets of open source code previously undetected or open source with new known vulnerabilities
• All of these metrics can be generated on every build of your software
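The build score the slide describes combines four inputs (test pass/fail, pen-test exploitable paths, critical SCA and compiler warnings, open source findings) into one number per build. The following Python is an added illustration, not Rogue Wave code: it turns those inputs into a weighted score plus an accept/change decision for the sprint loop and a delta against the previous build. The weights, the hard-blocker rule, the score limit and the two sample builds are all constructed assumptions.

```python
"""Per-build threat metric (added illustration, not Rogue Wave's code).

Inputs are the four metric sources the slide names. Weights, blockers and
thresholds below are constructed assumptions; tune them to your own risk appetite.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional


@dataclass
class BuildInputs:
    build_id: str
    tests_passed: int             # automated / functional test results
    tests_failed: int
    exploitable_paths: int        # from penetration testing
    critical_sca_warnings: int    # static analysis findings rated critical
    compiler_warnings: int
    unknown_oss_snippets: int     # copied-in snippets not previously inventoried
    vulnerable_oss_packages: int  # inventoried packages with newly published vulnerabilities


# Constructed weights: risk points per unit of each finding type.
WEIGHTS = {
    "tests_failed": 1.0,
    "exploitable_paths": 10.0,
    "critical_sca_warnings": 3.0,
    "compiler_warnings": 0.1,
    "unknown_oss_snippets": 2.0,
    "vulnerable_oss_packages": 5.0,
}

# Constructed gate: any non-zero count here blocks release regardless of score.
HARD_BLOCKERS = ("exploitable_paths", "vulnerable_oss_packages")
SCORE_LIMIT = 20.0  # constructed: highest score a build may carry and still be accepted


def threat_score(b: BuildInputs) -> float:
    """Weighted sum of the risk indicators; lower is better."""
    return round(sum(WEIGHTS[k] * getattr(b, k) for k in WEIGHTS), 2)


def blockers(b: BuildInputs) -> list[str]:
    """Finding types that block the build on their own."""
    return [k for k in HARD_BLOCKERS if getattr(b, k) > 0]


def gate(b: BuildInputs, previous: Optional[BuildInputs] = None) -> dict:
    """Accept/change decision for the sprint loop, with trend vs. the previous build."""
    score = threat_score(b)
    block = blockers(b)
    delta = None if previous is None else round(score - threat_score(previous), 2)
    return {
        "build": b.build_id,
        "score": score,
        "blockers": block,
        "accepted": not block and score <= SCORE_LIMIT,
        "delta": delta,  # negative means the metric improved
    }


def sample_builds() -> tuple[BuildInputs, BuildInputs]:
    """Two constructed sprint builds: the first fails the gate, the second passes."""
    sprint1 = BuildInputs("sprint-1", 950, 12, 1, 4, 30, 2, 0)
    sprint2 = BuildInputs("sprint-2", 970, 2, 0, 1, 25, 0, 0)
    return sprint1, sprint2


if __name__ == "__main__":
    first, second = sample_builds()
    print(gate(first))                   # blocked by an exploitable path
    print(gate(second, previous=first))  # accepted, delta shows the improvement
```

Running the block prints one decision per build; the point of the delta field is that the metric is tracked build over build, which is what makes it useful as feedback inside a sprint rather than only as a release gate.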
Agile development: Integrated security
Flow: Sprint 1, Sprint 2, … Sprint n, each followed by Integrate and Test; then Release and an Accept decision. Yes: Release to Market. No: Change, Adjust and Track, Feedback, Review, Next Iteration.
Characteristics
• Multiple testing points
• Rapid feedback required
• “Outside” testing does not meet agile needs
Continuous metric updates
• External sources: Standards; Governing bodies; OEM RFP requirements; Research; Media
• Internal sources: Testing; Pen tests; OSS scanning; Software tools; Requirements; Development Team
Example: ECU
ECUs shown in the example vehicle: Front (Camera, Radar); ADAS; Gateway; Infotainment; Rear distribution amplifier; X by wire; Telematics; Power train; Camera; Radar
Static code analysis (SCA)
Traditionally used to find simple, annoying bugs.
Modern, state-of-the-art SCA:
• Sophisticated inter-procedural control and data-flow analysis
• Model-based simulation of runtime expectation
• Provides an automated view of all possible execution paths
• Finds complex bugs and runtime errors, such as memory leaks, concurrency violations, buffer overflows
• Checks compliance with internationally recognized standards: MISRA, CWE, OWASP, ISO 26262
Static code analysis: keep your metric up to date
• Standards: rely on your static code analysis vendor to provide updates to the latest security standards
• Research: rely on your vendor to develop custom rules based on research shared by security analysts
• OEM requirements: prove that standards have been enforced
Take action
Check code faster
• Issues identified at your desktop
  – Correct code before check-in
  – All areas impacted by a given defect are highlighted
  – After system build, the impact of other developers’ code is also delivered to the desktop for corrective action
• Create custom checkers to meet specific needs
• Debugger-like call-stack highlights the cause of the issues
• Context-sensitive help provides industry best-practices and explanations
(Diagram: 50% of defects introduced here; stages shown: Build, Analysis / Test)
Open source scanning: keep your metric up to date
• Deploy a governance and provisioning platform to white list/black list open source packages
• Be informed when new vulnerabilities are published through the National Vulnerability Database
• Know what’s in your source code by scanning for snippets that have been copied and pasted
Measuring open source risks
• Know your inventory with OSS scanning
  – Automated, repeatable way to locate OSS packages (and packages within packages!) and licensing obligations
  – Look for scanning tools that:
    • are SaaS – easier to set up and maintain
    • protect your IP by not requiring source code upload
• Maintain OSS support
  – Get notified of latest patches, risks, bugs
• Establish an OSS policy to minimize risk
  – Use only trusted packages
  – Notify and update security fixes
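The two open source slides above describe three checks: an allow/deny policy for packages, notification when a newly published vulnerability touches something in the inventory, and flagging copied-and-pasted snippets that live outside any tracked package. The following Python is an added example, not Rogue Wave code or any scanning product's logic: it runs those three checks over a constructed inventory against a constructed NVD-style advisory feed. Package names, versions, the policy lists and the advisory ids are all made up (the ids are placeholders, not real CVE numbers), and version comparison is simplified to dotted integers.

```python
"""Open source inventory governance check (added illustration, not Rogue Wave's code).

Runs an allow/deny policy, an advisory match and a snippet check over a scanned
inventory. All packages, versions, policy entries and advisories are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Package:
    name: str
    version: str
    origin: str  # "package" (tracked dependency) or "snippet" (copied-and-pasted code)


@dataclass(frozen=True)
class Advisory:
    advisory_id: str  # placeholder id, not a real CVE
    package: str
    fixed_in: str     # first version that is no longer affected
    severity: str


@dataclass(frozen=True)
class Finding:
    package: str
    kind: str         # denied | unapproved | snippet | vulnerable
    detail: str


# Constructed governance policy (the slide's white list / black list).
ALLOWED = {"libfoo", "libbar"}
DENIED = {"oldcrypto"}

# Constructed advisory feed; in practice this would be refreshed from the NVD.
ADVISORIES = [
    Advisory("EXAMPLE-2015-0001", "libfoo", "1.4.2", "HIGH"),
    Advisory("EXAMPLE-2015-0002", "oldcrypto", "9.9.9", "CRITICAL"),
]


def parse_version(v: str) -> tuple[int, ...]:
    """Simplified comparison: dotted integers only (no suffixes like -rc1)."""
    return tuple(int(part) for part in v.split("."))


def is_affected(pkg: Package, adv: Advisory) -> bool:
    """A package is affected if it is the advisory's package and older than the fix."""
    return pkg.name == adv.package and parse_version(pkg.version) < parse_version(adv.fixed_in)


def check_inventory(inventory: list[Package], advisories=ADVISORIES) -> list[Finding]:
    findings: list[Finding] = []
    for pkg in inventory:
        if pkg.name in DENIED:
            findings.append(Finding(pkg.name, "denied", "package is on the deny list"))
        elif pkg.name not in ALLOWED:
            findings.append(Finding(pkg.name, "unapproved", "not on the allow list; needs review"))
        if pkg.origin == "snippet":
            findings.append(Finding(pkg.name, "snippet", "copied code found outside a tracked package"))
        for adv in advisories:
            if is_affected(pkg, adv):
                findings.append(Finding(
                    pkg.name, "vulnerable",
                    f"{adv.advisory_id} ({adv.severity}); upgrade to {adv.fixed_in} or later",
                ))
    return findings


def sample_inventory() -> list[Package]:
    """Constructed scan output: one clean package, one vulnerable, one banned, one snippet."""
    return [
        Package("libbar", "2.0.1", "package"),
        Package("libfoo", "1.3.0", "package"),
        Package("oldcrypto", "1.0", "package"),
        Package("miniparser", "0.3", "snippet"),
    ]


if __name__ == "__main__":
    for f in check_inventory(sample_inventory()):
        print(f"{f.package}: {f.kind} - {f.detail}")
```

Re-running the check whenever the advisory feed changes, not only when the code changes, is what turns a one-off scan into the "be informed when new vulnerabilities are published" behaviour the slide asks for; the inventory stays the same but the set of findings moves.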
Scan results example
Conclusions
• The application security world is fluid: create concrete, actionable strategies (Threat Metric, analysis & scanning)
• Delivery cycles are short: update regularly with a well-defined process (Agile, CI)
See us in action: www.roguewave.com
Jeff Hildreth | jeff.hildreth@roguewave.com
No liftoff, touchdown, or heartbeat shall miss because of a software failure
 
Disrupt or be disrupted – Using secure APIs to drive digital transformation
Disrupt or be disrupted – Using secure APIs to drive digital transformationDisrupt or be disrupted – Using secure APIs to drive digital transformation
Disrupt or be disrupted – Using secure APIs to drive digital transformation
 
Leveraging open banking specifications for rigorous API security – What’s in...
Leveraging open banking specifications for rigorous API security –  What’s in...Leveraging open banking specifications for rigorous API security –  What’s in...
Leveraging open banking specifications for rigorous API security – What’s in...
 
Adding layers of security to an API in real-time
Adding layers of security to an API in real-timeAdding layers of security to an API in real-time
Adding layers of security to an API in real-time
 
Getting the most from your API management platform: A case study
Getting the most from your API management platform: A case studyGetting the most from your API management platform: A case study
Getting the most from your API management platform: A case study
 
Advanced technologies and techniques for debugging HPC applications
Advanced technologies and techniques for debugging HPC applicationsAdvanced technologies and techniques for debugging HPC applications
Advanced technologies and techniques for debugging HPC applications
 
The forgotten route: Making Apache Camel work for you
The forgotten route: Making Apache Camel work for youThe forgotten route: Making Apache Camel work for you
The forgotten route: Making Apache Camel work for you
 
Are open source and embedded software development on a collision course?
Are open source and embedded software development on a  collision course?Are open source and embedded software development on a  collision course?
Are open source and embedded software development on a collision course?
 
Three big mistakes with APIs and microservices
Three big mistakes with APIs and microservices Three big mistakes with APIs and microservices
Three big mistakes with APIs and microservices
 
5 strategies for enterprise cloud infrastructure success
5 strategies for enterprise cloud infrastructure success5 strategies for enterprise cloud infrastructure success
5 strategies for enterprise cloud infrastructure success
 
PSD2 & Open Banking: How to go from standards to implementation and compliance
PSD2 & Open Banking: How to go from standards to implementation and compliancePSD2 & Open Banking: How to go from standards to implementation and compliance
PSD2 & Open Banking: How to go from standards to implementation and compliance
 
Java 10 and beyond: Keeping up with the language and planning for the future
Java 10 and beyond: Keeping up with the language and planning for the futureJava 10 and beyond: Keeping up with the language and planning for the future
Java 10 and beyond: Keeping up with the language and planning for the future
 
How to keep developers happy and lawyers calm (Presented at ESC Boston)
How to keep developers happy and lawyers calm (Presented at ESC Boston)How to keep developers happy and lawyers calm (Presented at ESC Boston)
How to keep developers happy and lawyers calm (Presented at ESC Boston)
 
Open source applied - Real world use cases (Presented at Open Source 101)
Open source applied - Real world use cases (Presented at Open Source 101)Open source applied - Real world use cases (Presented at Open Source 101)
Open source applied - Real world use cases (Presented at Open Source 101)
 
How to migrate SourcePro apps from Solaris to Linux
How to migrate SourcePro apps from Solaris to LinuxHow to migrate SourcePro apps from Solaris to Linux
How to migrate SourcePro apps from Solaris to Linux
 
Approaches to debugging mixed-language HPC apps
Approaches to debugging mixed-language HPC appsApproaches to debugging mixed-language HPC apps
Approaches to debugging mixed-language HPC apps
 
Enterprise Linux: Justify your migration from Red Hat to CentOS
Enterprise Linux: Justify your migration from Red Hat to CentOSEnterprise Linux: Justify your migration from Red Hat to CentOS
Enterprise Linux: Justify your migration from Red Hat to CentOS
 
Walk through an enterprise Linux migration
Walk through an enterprise Linux migrationWalk through an enterprise Linux migration
Walk through an enterprise Linux migration
 
How to keep developers happy and lawyers calm
How to keep developers happy and lawyers calmHow to keep developers happy and lawyers calm
How to keep developers happy and lawyers calm
 

Recently uploaded

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendArshad QA
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfCionsystems
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 

Recently uploaded (20)

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and Backend
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdf
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 

The road towards better automotive cybersecurity

  • 1. The road towards better automotive cybersecurity
     May 27, 2015
     Rogue Wave Accelerate Series, Part 1 of 3
  • 2. Presenter
     Jeff Hildreth, Automotive Account Manager, Rogue Wave Software
     © 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED
  • 3. Agenda
     - We’re all saying the same thing
     - Wrangling order from chaos
     - A holistic approach to cybersecurity
     - Take action!
     - Q&A
  • 5. We’re all saying the same thing
  • 6. “We all clearly created these presentations in a vacuum because we’re all using the same material.” (IQPC Automotive Cyber Security Summit, two months ago)
     - Develop a specific strategy that fits into what we’re already doing
     - Be different
     - You have the tools already
  • 7. Wrangling order from chaos
     Look at the data you’re already faced with: 1000s of bugs, HIL failure cases, customer defects, safety requirements, and an avg. number of security risks of 22.4.
     How do you handle this information overload?
  • 8. Security information overload
     - Media: news; blogs, social media; conferences
     - Standards and legislation: security standards (OWASP, CWE, CERT, etc.); Senator Markey report
     - Research: NVD, White Hat, Black Hat
     - Requirements: OEMs, internal
     More and more software running inside your car. Developers don’t know security (80% failed a security knowledge survey).
  • 10. A holistic approach to cybersecurity
     Information overload → develop an adaptive threat model.
     Diagram elements: Threat Model, Internal, Threat Metric, External Data, Action.
  • 11. Threat model
     Scanning to discover open
     Threat modelling identifies, quantifies, and addresses security risks by:
     1. Understanding the application & environment
     2. Identifying & prioritizing threats
     3. Determining mitigation actions
     Process: Identify Assets → System Overview → Decompose Application → Identify Threats → Prioritize Threats
  • 12. External data sources
     - Standards: Common Weakness Enumeration (MITRE); Open Web Application Security Project (OWASP); CERT (Carnegie Mellon University)
     - National governing bodies: CVE database; National Vulnerability Database
     - OEM RFP requirements
     - Research: White Hat/Black Hat; university studies
     - Media
     Diagram centre: Development Team
  • 14. Internal metrics
     - Testing: automated unit tests; Hardware in the Loop (HIL) testing
     - Security team: penetration tests; open source scanning
     - Software tools: Static Code Analysis (SCA); compiler warnings
     - Requirements
     Diagram centre: Development Team
  • 15. Developing a Threat Metric: build score
     - Automated and functional testing gives you a pass/fail metric on every run of the test suite
     - A metric can be generated from penetration testing based on the number of exploitable paths in your code base
     - Software tools give you a count of critical static analysis and compiler warnings
     - A metric can be developed based on the presence of snippets of open source code previously undetected, or open source with new known vulnerabilities
     - All of these metrics can be generated on every build of your software
  • 16. Agile development: integrated security
     Flow: Sprint 1 → Integrate and Test → Sprint 2 → Integrate and Test → … → Sprint n → Integrate and Test → Review → Accept? Yes: Release to Market. No: Change → Adjust and Track → Feedback → Next Iteration.
     Characteristics:
     - Multiple testing points
     - Rapid feedback required
     - “Outside” testing does not meet agile needs
  • 17. Continuous metric updates
     External: standards, governing bodies, OEM RFP requirements, research, media.
     Internal: testing, pen tests, OSS scanning, software tools, requirements.
     Diagram centre: Development Team
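Slides 15 and 17 describe the threat metric only in words: several per-build counts, combined into one score that is recomputed on every build and refreshed as external data changes. The following is an added example, not code from the deck or from any Rogue Wave product, of how such a build score can be assembled. The penalty weights, the gate threshold, the warning cap and the sample builds are all assumptions constructed for the example; a real team would calibrate them against its own history.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class BuildSignals:
    """Per-build inputs named on the 'Developing a Threat Metric' slide."""
    build_id: str
    tests_total: int
    tests_failed: int
    exploitable_paths: int    # paths a penetration test could exploit
    sca_critical: int         # critical static-code-analysis findings
    compiler_warnings: int
    oss_new_snippets: int     # copied open-source snippets not seen before
    oss_known_vulns: int      # OSS components with newly published vulns


# Penalty weights are an assumption for this example; tune them per project.
WEIGHTS = {
    "tests": 40.0,            # scaled by the failed/total ratio
    "exploitable_paths": 15.0,
    "sca_critical": 5.0,
    "compiler_warnings": 0.5,
    "oss_new_snippets": 3.0,
    "oss_known_vulns": 10.0,
}
COMPILER_WARNING_CAP = 10.0   # warnings alone should not sink the score


def penalties(s: BuildSignals) -> Dict[str, float]:
    """Break the score down by source so the team sees what to fix first."""
    if s.tests_total <= 0:
        raise ValueError("a build with no tests has no test signal")
    fail_ratio = s.tests_failed / s.tests_total
    return {
        "tests": WEIGHTS["tests"] * fail_ratio,
        "exploitable_paths": WEIGHTS["exploitable_paths"] * s.exploitable_paths,
        "sca_critical": WEIGHTS["sca_critical"] * s.sca_critical,
        "compiler_warnings": min(WEIGHTS["compiler_warnings"] * s.compiler_warnings,
                                 COMPILER_WARNING_CAP),
        "oss_new_snippets": WEIGHTS["oss_new_snippets"] * s.oss_new_snippets,
        "oss_known_vulns": WEIGHTS["oss_known_vulns"] * s.oss_known_vulns,
    }


def build_score(s: BuildSignals) -> int:
    """Threat metric on a 0 (worst) to 100 (clean) scale, recomputed every build."""
    total = sum(penalties(s).values())
    return int(round(max(0.0, 100.0 - total)))


def passes_gate(s: BuildSignals, threshold: int = 70) -> bool:
    """Release gate: true when the score meets the agreed minimum (assumed 70)."""
    return build_score(s) >= threshold


def top_contributors(s: BuildSignals, n: int = 3) -> List[Tuple[str, float]]:
    """Largest penalty sources first; zero-penalty sources are dropped."""
    items = [(k, v) for k, v in penalties(s).items() if v > 0]
    return sorted(items, key=lambda kv: kv[1], reverse=True)[:n]


def trend(history: List[BuildSignals]) -> List[Tuple[str, int, int]]:
    """(build_id, score, delta from the previous build) across a sequence of builds."""
    out, prev = [], None
    for s in history:
        score = build_score(s)
        out.append((s.build_id, score, 0 if prev is None else score - prev))
        prev = score
    return out


# Constructed sample builds (not real project data).
SAMPLE_BUILDS = [
    BuildSignals("b100", tests_total=100, tests_failed=0, exploitable_paths=0,
                 sca_critical=0, compiler_warnings=0, oss_new_snippets=0, oss_known_vulns=0),
    BuildSignals("b101", tests_total=100, tests_failed=2, exploitable_paths=1,
                 sca_critical=3, compiler_warnings=10, oss_new_snippets=0, oss_known_vulns=1),
    BuildSignals("b102", tests_total=100, tests_failed=0, exploitable_paths=0,
                 sca_critical=1, compiler_warnings=40, oss_new_snippets=2, oss_known_vulns=0),
]

if __name__ == "__main__":
    for build_id, score, delta in trend(SAMPLE_BUILDS):
        print(f"{build_id}: score={score} delta={delta:+d} gate={'pass' if score >= 70 else 'FAIL'}")
    print("top contributors for b101:", top_contributors(SAMPLE_BUILDS[1]))
```

The breakdown returned by `penalties` matters more than the single number: a score that drops from one sprint to the next is only actionable if the team can see whether it was the pen-test path, the new static-analysis finding or a freshly published open-source advisory that moved it. Re-running the same function after the external feeds update (the "continuous metric updates" of slide 17) changes the score without any code change, which is exactly the signal the slide is after.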
  • 18. Example: ECU
     Diagram elements: Front, ADAS, Gateway, Infotainment, Rear distribution amplifier, Camera, Radar, X by wire, Telematics, Power train, Camera, Radar.
  • 19. Static code analysis (SCA)
     Traditionally used to find simple, annoying bugs. Modern, state-of-the-art SCA:
     - Sophisticated inter-procedural control and data-flow analysis
     - Model-based simulation of runtime expectation
     - Provides an automated view of all possible execution paths
     - Finds complex bugs and runtime errors, such as memory leaks, concurrency violations, buffer overflows
     - Checks compliance with internationally recognized standards: MISRA, CWE, OWASP, ISO 26262
  • 20. Static code analysis: keep your metric up to date
     - Standards: rely on your static code analysis vendor to provide updates to the latest security standards
     - Research: rely on your vendor to develop custom rules based on research shared by security analysts
     - OEM requirements: prove that standards have been enforced
  • 21. Take action: check code faster
     - Issues identified at your desktop
       – Correct code before check-in
       – All areas impacted by a given defect are highlighted
       – After system build, the impact of other developers’ code is also delivered to the desktop for corrective action
     - Create custom checkers to meet specific needs
     - Debugger-like call-stack highlights the cause of the issues
     - Context-sensitive help provides industry best-practices and explanations
     Diagram: 50% of defects introduced here; Build; Analysis / Test
  • 22. Open source scanning: keep your metric up to date
     - Deploy a governance and provisioning platform to white list/black list open source packages
     - Be informed when new vulnerabilities are published through the National Vulnerability Database
     - Know what’s in your source code by scanning for snippets that have been copied and pasted
  • 23. Measuring open source risks
     - Know your inventory with OSS scanning
       – Automated, repeatable way to locate OSS packages (and packages within packages!) and licensing obligations
       – Look for scanning tools that are SaaS (easier to set up and maintain) and that protect your IP by not requiring source code upload
     - Maintain OSS support: get notified of the latest patches, risks, bugs
     - Establish an OSS policy to minimize risk: use only trusted packages; notify and update security fixes
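Slides 22 and 23 describe three checks without showing what they look like in practice: matching the scanned inventory against newly published advisories, applying the white list/black list policy, and counting copied-in snippets. The following is an added example, not code from the deck or from any Rogue Wave product, that runs those checks over a constructed inventory and a constructed advisory feed. The package names, versions and advisory ids (`EXAMPLE-000n`) are placeholders, not real packages or CVEs, and the `introduced`/`fixed` range representation is an assumption modelled loosely on how vulnerability databases express affected versions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Dotted numeric versions only ('1.2.10' > '1.2.9'); enough for the example."""
    return tuple(int(part) for part in text.split("."))


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    origin: str   # "package" = declared dependency; "snippet" = copied-in code found by scanning


@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    package: str
    introduced: str          # first affected version, inclusive
    fixed: Optional[str]     # first fixed version, exclusive; None while unfixed


def is_affected(component: Component, adv: Advisory) -> bool:
    """Version-range match: introduced <= version < fixed (or no fix yet)."""
    if component.name != adv.package:
        return False
    v = parse_version(component.version)
    if v < parse_version(adv.introduced):
        return False
    return adv.fixed is None or v < parse_version(adv.fixed)


def policy_decision(component: Component, allow: Set[str], deny: Set[str]) -> str:
    """Governance rule (assumed): deny list wins, allow list passes, the rest is reviewed."""
    if component.name in deny:
        return "denied"
    if component.name in allow:
        return "allowed"
    return "needs review"


def assess(inventory: List[Component], feed: List[Advisory],
           allow: Set[str], deny: Set[str]) -> List[Dict[str, object]]:
    """One finding per component: policy decision, matching advisories, suggested action."""
    findings = []
    for c in inventory:
        hits = [a.advisory_id for a in feed if is_affected(c, a)]
        decision = policy_decision(c, allow, deny)
        if decision == "denied":
            action = "remove"
        elif hits:
            action = "upgrade or patch"
        elif decision == "needs review":
            action = "review provenance"
        else:
            action = "none"
        findings.append({"component": f"{c.name}@{c.version}", "origin": c.origin,
                         "decision": decision, "advisories": hits, "action": action})
    return findings


def metric_inputs(findings: List[Dict[str, object]]) -> Tuple[int, int]:
    """Counts that feed a per-build threat metric: (snippets found, components with known vulns)."""
    snippets = sum(1 for f in findings if f["origin"] == "snippet")
    vulnerable = sum(1 for f in findings if f["advisories"])
    return snippets, vulnerable


# Constructed sample data; names and advisory ids are placeholders, not real packages or CVEs.
INVENTORY = [
    Component("libfoo", "1.2.3", "package"),
    Component("libbar", "0.9.0", "snippet"),
    Component("libbaz", "2.0.0", "package"),
    Component("libqux", "3.1.0", "package"),
]
FEED = [
    Advisory("EXAMPLE-0001", "libfoo", "1.2.0", "1.2.5"),
    Advisory("EXAMPLE-0002", "libbar", "0.8.0", None),
    Advisory("EXAMPLE-0003", "libbaz", "1.0.0", "2.0.0"),
]
ALLOW = {"libfoo", "libbaz"}
DENY = {"libqux"}

if __name__ == "__main__":
    results = assess(INVENTORY, FEED, ALLOW, DENY)
    for f in results:
        print(f)
    print("metric inputs (snippets, vulnerable components):", metric_inputs(results))
```

Two details carry the security point. The boundary handling in `is_affected` is where real scanners go wrong most often: a component sitting exactly on the `fixed` version must not be flagged, and an advisory with no fix yet must keep matching every later version until one ships. And a copied-in snippet is treated no differently from a declared package for advisory matching, because the copied code carries the same defect whether or not a package manager knows about it; that is the reason slide 22 asks for snippet scanning at all.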
  • 24. Scan results example
  • 25. Conclusions
     - The application security world is fluid: create concrete, actionable strategies (Threat Metric, analysis & scanning)
     - Delivery cycles are short: update regularly with a well-defined process (Agile, CI)
  • 26. See us in action: www.roguewave.com
     Jeff Hildreth | jeff.hildreth@roguewave.com

Editor's Notes

  1. Do you think hackers are currently targeting automobiles? Yes No
  2. Most applications have 22.4 security risks (2013 Global Application Security Risk Report – Aspect Security)
  3. Market report: http://www.markey.senate.gov/news/press-releases/markey-report-reveals-automobile-security-and-privacy-vulnerabilities
  4. Approximately how much time do you think security testing adds to your software development process? 10% 25% 75% 100% - Delphi presentation: between 20 – 30% engineering time to your release cycle - No one at the security conference was able to answer this question
  5. Holistic – characterized by comprehension of the parts of something as intimately connected and explicable only by reference to the whole. What attacks will these software components be exposed to? Will it be accessible over some type of network? Is remote access possible? Is the weakness easy to comprehend by the average attacker? How do we gauge the “security health” of code coming in? How do we achieve compliance? Lengthy process, unclear expectations, lots of resources. Let’s not forget the regular bugs. Can automated testing be more effective?
  6. When making decisions about software security, which input has the biggest influence? Media Security standards (OWASP, CWE, CERT, etc.) Customer (OEM) requirements Research (NVD, White Hat, Black Hat) We don’t make software security decisions
  7. In an agile environment, release cycles may be measured in days rather than weeks, making testing for security and compliance more challenging. Shipping code to a separate group for testing, and receiving results days later, breaks the agile model. Feedback loops need to be rapid and continuous. In this setting, compliance and security testing and feedback must be integrated with the rest of the agile team.
  8. Metric status flies in for each ECU