Comments by: Chris Clark, Senior Manager at Synopsys Software Integrity Group
Automotive manufacturers go to great lengths to keep next model year vehicles from prying eyes and the same is true for data, especially R&D data. Protecting key assets like research data is especially critical in a high-intensity market like automotive. The drive to reduce 200 platforms that must be supported, to 20 or fewer is an ever-increasing need as is the focus on designing an in-house SoC and next-generation in-vehicle networks.
Manufacturers must continue to look at how they treat, store, and share data to protect these assets. After all, software is at the core of innovation, and the recent wave of ransomware and supply chain attacks have demonstrated that compromised software can have a devastating impact on an organisation. This reaches past the traditional IT protection methods like penetration testing, silicon, and software life cycle management systems. Developers and their peers in the testing teams must be aware of their role in protecting software and data.
The risk does not end when the hole is plugged though. Potential threat actors may have some insight based on the data that was released. For this reason, automotive manufacturers must examine the technologies that rely on this data.