Subscribe
Share
Share
Embed
As cars become smarter and more connected, the demand for top-tier automotive cyber security has never been higher. With expert insights from PlaxidityX, a leading automotive cyber security company, we’ll guide you through the challenges and solutions protecting millions of vehicles worldwide. Whether you’re an industry expert or just curious about how cars are secured in the digital age, this podcast comprehensively looks at how cyber defenses are developed, tested, and deployed.
We don’t just talk about the technology; we talk about what it means for you—the driver, the manufacturer, the tech enthusiast. We explore how automotive cyber security solutions are applied in real-world scenarios to safeguard everything from onboard infotainment systems to critical vehicle control units.
Tune in to gain a deeper understanding of how manufacturers are staying one step ahead of hackers and ensuring a more secure, connected world.
00:00:00:09 - 00:00:03:12
Unknown
Welcome to cars, hackers and cybersecurity.
00:00:04:01 - 00:00:07:01
Unknown
Here we break down the latest in automotive cybersecurity,
00:00:07:01 - 00:00:10:16
Unknown
helping you stay ahead in building secure connected vehicles.
00:00:12:13 - 00:00:22:24
Unknown
Hi. Today we'll explore how DevSecOps integrates cybersecurity into the automotive development lifecycle, enabling rapid, secure vehicle software production.
00:00:22:24 - 00:00:52:13
Unknown
The automotive industry is in the midst of a major transformation, and this shift is being powered by software with ten times more lines of code than a fighter jet. Today's software defined vehicles are aptly referred to as code on wheels, while revolutionizing the way OEMs build cars. This software powered shift has also introduced new risks and challenges. As cars become more technology centric, they are increasingly exposed to software vulnerabilities and cybersecurity threats.
00:00:52:15 - 00:01:10:04
Unknown
In terms of functionality, OEMs need to integrate components from multiple software vendors, ensure development of secure, high quality code, and support ongoing software updates. At the same time, OEMs must make sure their vehicles comply with complex and stringent standards and regulations
00:01:10:04 - 00:01:16:08
Unknown
For example, UNR 155 and 156, ISO 21 434
00:01:16:09 - 00:01:17:12
Unknown
Spice, etc..
00:01:17:24 - 00:01:31:10
Unknown
To overcome these challenges, OEM are seeking tools that will allow them to rapidly develop vehicle software, integrate cyber security within the development cycle, and shorten time to market.
00:01:31:12 - 00:01:57:18
Unknown
Implementing Security by Design with DevSecOps for automotive. In a world where cyber security is essential for vehicle functionality and safety, it's imperative to integrate security measures early in the development process. An issue or vulnerability detected during development is much easier to fix than one detected after the car has been rolled out. Not to mention the cost and reputation damage of a recall.
00:01:57:20 - 00:02:23:11
Unknown
DevSecOps extends the principles of DevOps to incorporate cyber security seamlessly throughout the software development lifecycle. It automates the integration of cyber security practices at every phase of the software development lifecycle, from initial design through integration, testing, delivery and deployment. This proactive approach ensures that cyber security is an integral part of product design rather than an afterthought.
00:02:24:21 - 00:02:28:21
Unknown
Introducing the Plex Dev DevSecOps platform
00:02:30:09 - 00:02:43:21
Unknown
using state of the art tools and methods designed specifically for the automotive sector, Plex complexity ADX has built a comprehensive DevSecOps platform aimed at helping automakers leapfrog into the new software defined world.
00:02:43:23 - 00:03:14:03
Unknown
Leveraging our proven cyber security and testing capabilities, this first of its kind platform automates the entire DevSecOps process from design to operations. It helps accelerate development and testing by embracing shift left and security by design concepts. This allows development teams to shorten time between updates, reduce costs, and better meet market demand for functional flexibility. The Plex DevSecOps platform comprises the following modules.
00:03:14:20 - 00:03:16:14
Unknown
Security Auto Designer
00:03:17:10 - 00:03:29:12
Unknown
performs automated threat analysis and risk assessment, or Tara, and proactively identifies potential threats and vulnerabilities during the architecture design stage. Prior to actual development,
00:03:30:15 - 00:03:32:21
Unknown
a security auto tester
00:03:33:23 - 00:03:55:03
Unknown
brings automotive software developers enterprise grade automatic security testing such as fuzz and penetration testing, including approximately 200 package test cases for comprehensive coverage. Automation accelerates time to value, enabling quick fixes and testing reruns for detected vulnerabilities.
00:03:56:04 - 00:03:57:11
Unknown
Code Security Manager
00:03:58:03 - 00:04:09:16
Unknown
provides an advanced set of static, white box and dynamic testing capabilities to identify vulnerabilities. The Advanced Software Composition Analysis Module extracts the software bill of materials
00:04:09:16 - 00:04:10:11
Unknown
bomb.
00:04:10:11 - 00:04:25:15
Unknown
and examines code for vulnerabilities using security and application intelligence. Automated compliance verification enables OEMs to extend existing CI CD pipelines to include continuous compliance and create the foundation for secure software development.
00:04:25:15 - 00:04:26:16
Unknown
Lifecycle
00:04:28:06 - 00:04:30:12
Unknown
software supply chain security
00:04:31:15 - 00:04:34:10
Unknown
Automatically extracts the bomb from binaries including.
00:04:34:10 - 00:04:35:00
Unknown
auto sa.
00:04:35:00 - 00:04:36:04
Unknown
Linux, and Android,
00:04:36:04 - 00:04:42:24
Unknown
and manages ECUs, hardware components and software library assets per project or vehicle model
00:04:44:13 - 00:04:49:14
Unknown
one coherent platform leveraging automotive cybersecurity expertise.
00:04:50:09 - 00:05:02:19
Unknown
The DevSecOps platform leverages Placidity access, deep understanding of vehicle architectures, protocols, and networks, as well as our vast experience in cyber technologies and research.
00:05:02:21 - 00:05:31:02
Unknown
For over a decade, Placidity has been providing OEMs and tier ones with a full range of cyber security, compliance, engineering, testing and operations services for all stages of the product lifecycle. These services, such as code review, penetration testing and terror, ensure vehicles are secured by design in accordance with industry standards and regulations to strengthen manufacturers cybersecurity posture and facilitate compliance.
00:05:31:02 - 00:06:00:08
Unknown
Over the past few months, Placidity has productized these life cycle cybersecurity capabilities and tools into one coherent and consistent platform that automates the entire DevSecOps process, from design and build to testing and operations. Until now, point solutions have been available from different vendors, but integrating them into a single automated process is a huge undertaking for most OEMs. The Plex X platform does that for you.
00:06:01:12 - 00:06:06:15
Unknown
Bottom line rapid development, secure code, faster time to market.
00:06:07:15 - 00:06:41:07
Unknown
The safety and security of tomorrow's software defined and autonomous vehicles hinge on the ability of OEMs and their suppliers to secure software development processes by adopting a cybersecurity by design approach for SD development. OEMs can accelerate production timelines, enhance business agility, and gain a competitive edge going forward. The Plex Cityty X DevSecOps platform helps OEMs and their suppliers modernize their toolchain using a comprehensive set of the most advanced capabilities available today.
00:06:41:09 - 00:06:54:04
Unknown
Based on a shift left, proactive approach, this breakthrough platform streamlines Steve development and improves product quality in terms of cybersecurity, code quality, and compliance.
00:06:55:01 - 00:07:00:24
Unknown
That's all for today's episode. Keep your engines running smooth and your cyber defense is sharp.
00:07:00:24 - 00:07:05:12
Unknown
Stay connected by subscribing and visiting placidity. X-Com.
00:07:05:12 - 00:07:09:12
Unknown
Until next time, stay safe on the road and in the cloud.