- Establish Common Language, Metrics, and Requirements Company-Wide:start the developing process with the end result in mind. Define the set of security requirements that should be aimed for across the various product lines and types (for example, safety systems vs. non-safety critical systems);
- Enable Teams to Achieve Security Robustness Requirements:it is necessary to clearly understand security design requirements (specific to the product in question) for the SDL/Lean/V development process. Company metrics and requirements are the first steps, but every platform or product will generate its specific attack profile;
- Apply Security Robustness Across the Value Chain: the security requirements that have thus far been defined must apply to all aspects of the development process. Therefore, it is necessary to enforce the requirements through the process, which could benefit from involving a purchasing organization as well;
- Measure Progress on an Ongoing Basis During the Project Cycle:it is well understood that an evaluation of performance against goals needs to be performed after a project to determine whether it was successful. However, waiting until the end of a project is a mistake; ongoing feedback and evaluation throughout the project can save enormous amounts of resources and headaches;
- Verify Final Integration and Implementation:despite thoroughly and effectively establishing all security robustness principles throughout the development cycle up to this point, it is still possible to see notable vulnerabilities during implementation and integration engineering.
When followed accurately, these principles will effectively mitigate the real threat of security vulnerability in automotive products and devices and enable OEMs to fulfill the requirements of the industry. But what are the challenges of these five principles, and how can they be addressed? In this paper, Riscure provides more details about the security challenges and success stories.
Register below to download the full paper