White Papers

DevSecOps in the Automotive Sector

Issue link: https://resources.windriver.com/i/1358116

Contents of this Issue


Page 2 of 9

2 The DevSecOps process evolved from DevOps, which combines software development and oper- ations into a unified process with a cyclical flow. This cycle relies on rapid releases of code, vigorous testing and feed- back, and awareness of the full lifecycle of the software product. Broad- ly adopted by many organizations as a fundamental and useful set of practices to guide software builds and updates, DevOps has evolved into DevSecOps, adding security provisions into the cyclical flow, as shown in Figure 1. Code planning, building, testing progress, and securi- ty issues — including threat mitigation, scanning, analysis, remediation, and ongoing monitoring of each release of the code — are examined as part of the cycle. Vehicle security protection is paramount in two main areas: the design and use of electronic control units (ECUs) and automated driver assis- tance systems (ADASes). The repercussions of a vehicle's ECU or ADAS being hacked or controlled externally by someone other than the driver could be extreme, in terms of both safety and personal privacy. SEC DEVELOP DEPLOY MONITOR OPS SECURITY SECURITY Threat Model Secure Coding Digital Sign Pen Test Security as Code DAST SAST Security Config Secure Coding Security Monitor Security Analysis Security Scan Security Audit Security Patch TEST DEV Figure 1. DevSecOps adds securi to familiar DevOps practices What Is DevSecOps? "As a result of the overarching cyber- security concerns in modern automo- biles, the United Nations Economic Commission for Europe (UNECE) recently developed two new regulations on cybersecurity and software secu- rity designed to help manage the risks moving forward for both manufacturers and consumers." — SecurityBoulevard.com

Articles in this issue

Links on this page

view archives of White Papers - DevSecOps in the Automotive Sector