Automotive safety has been a major concern for manufacturers everywhere, and now the threat of automotive hacking looms. Your team may be familiar with safety standards and defensive coding techniques, but do you know how to handle security threats at the code level? What can you do next to transform your processes and development strategies?
Join automotive experts from Rogue Wave Software for the first in a three-part series on securing your code and solidifying processes to ensure safe, defect-free software. By educating teams and understanding proven techniques, you’ll be able to take the next step towards less risk and more value for your applications.
In this first one-hour webinar you'll learn:
- Techniques to protect your automotive software systems from risk
- Tools that accelerate compliance with security and safety standards
- Tips to ensure defects are eliminated as early as possible
Approximately how much time do you think security testing adds to your software development process?
10%
25%
75%
100%
- Delphi presentation: security testing adds between 20% and 30% engineering time to your release cycle
- No one at the security conference was able to answer this question
Holistic – characterized by comprehension of the parts of something as intimately connected and explicable only by reference to the whole
What attacks will these software components be exposed to?
Will it be accessible over some type of network? Is remote access possible? Is the weakness easy to comprehend by the average attacker?
How do we gauge the “security health” of code coming in?
How do we achieve compliance?
Lengthy process, unclear expectations, lots of resources
Let’s not forget the regular bugs
Can automated testing be more effective?
When making decisions about software security, which input has the biggest influence?
Media
Security standards (OWASP, CWE, CERT, etc.)
Customer (OEM) requirements
Research (NVD, White Hat, Black Hat)
We don’t make software security decisions
In an agile environment, release cycles may be measured in days rather than weeks, making testing for security and compliance more challenging. Shipping code to a separate group for testing, and receiving results days later, breaks the agile model. Feedback loops need to be rapid and continuous. In this setting, compliance and security testing and feedback must be integrated with the rest of the agile team.