See how to easily integrate static analysis, unit testing, and other C & C++ software testing methods into your CI/CD pipeline. Register for Demo >>
As part of Agile project management, teams need to implement thorough testing to verify and validate automotive software design requirements in critical product engineering phases to gain confidence that vehicle electric and electronic systems meet automotive cybersecurity policies and processes. This overview of ISO/SAE 21434 shows how it fits into these processes.
Like ISO 26262 and other aspects of international standards around automotive industry development, ISO 21434 works to protect vehicle and automotive security.
It covers every single stage of the vehicle life cycle from design, secure engineering, and product development to decommissioning. Cybersecurity engineering applies to connected vehicles, electronic systems, software, and more. In addition, the automotive security standard gives developers a thorough road map for incorporating safety measures in development processes across the supply chain.
The purpose of the standard is to define a structural process to ensure cybersecurity is “designed-in” from the start. This allows developers to address cyber threats to the vehicle and its electrical and electronic components.
OEMs, Tier 1, and Tier 2 suppliers must demonstrate due diligence in handling vehicle development in preventing cyberattacks. The goal is to reduce the potential for a successful attack and minimize potential losses by designing security-in from the start.
Traditional automotive safety and cybersecurity standards have not adequately addressed increasing threats to cybersecurity for road vehicles. This led to OEMs, Tier 1, and Tier 2 suppliers formalizing their own approaches to address cybersecurity.
ISO 21434 eliminates the need for individual approaches and provides a common framework to tackle cybersecurity for automotive production. It defines requirements for cybersecurity processes and develops a common language for understanding software security and cybersecurity risk management.
In summary, ISO 21434 is intended to accomplish the following:
Parasoft automated software testing solutions used during software verification and validation help automotive OEMs, Tier 1, and Tier 2 suppliers perform safety audits and other assessment methods to identify safety issues and a potential cybersecurity incident. Then, you can address them before production.
Automate static analysis checkers to verify compliance with ISO/SAE 21434 cybersecurity requirements using coding standards like MISRA C:2012, MISRA C++:2008, AUTOSAR C++14, CERT, CWE, and more.
Incorporate cybersecurity from the start by connecting the dots between requirements and source code, test cases, and test results. Parasoft integration with requirements management systems provides traceability to determine how many requirements were already implemented and how thoroughly they have been tested.
Use graphical editors from Parasoft C/C++ test to automate the process of unit test creation and satisfy low-level cybersecurity requirements.
Find the gaps in testing coverage before potential attackers do. Use structural code coverage metrics like statement, branch, and MC/DC to build confidence in your software testing from all levels: unit, integration, and system.
Leverage reporting and advanced analytics to connect threats to known risks in your software. Understand what could go wrong to build defensive programming in developers’ daily activities.
ISO 26262 set functional safety standards, but the scope of ISO/SAE 21434 involves a different approach. With regards to connected components and interfaces and other vulnerable parts of road vehicles, cybersecurity engineering standards had to be developed.
Automotive developers can use ISO 21434 to manage risks and product security for the end user (the driver). Though the providers could be considered stakeholders, so are the drivers as they use the technology every day. That’s why automation plays an important role in making compliance more reliable, more efficient, and easier all around.
Employing cybersecurity and safety coding practices to support software verification and validation is not only a best practice but essential in confirming the cybersecurity specification outlined in ISO 21434.
Using Parasoft C/C++ code analysis capabilities eases the rigor of software testing associated with critical safety software.
Automating software testing with Parasoft C/C++test is made simple with an integrated approach that incorporates static analysis, code coverage, requirement traceability, and analytics to streamline your ISO 21434 compliance.
Request a demo now to see Parasoft C/C++test in action.
How to Get Started
Check out the on-demand webinar Addressing ISO 26262 Compliance in Testing Automotive to learn more about driving cybersecurity and safety in road vehicles with automated software testing solutions.
The V-model on the right shows testing activities as part of the automotive software development process.
Why Parasoft?
Parasoft software testing tools are used in every industry from medical devices to defense systems. One reason why so many opt for Parasoft solutions involves automated testing. Put cybersecurity in the driver’s seat to meet ISO 21434 compliance requirements using Parasoft C/C++test.
C/C++test delivers the most comprehensive testing support for ISO 21434. Product teams can automate testing techniques like static analysis, unit testing, code coverage, penetration testing, gap analysis, requirements-based testing, and requirements traceability mandated by the standard to meet the demands of modern software development.
The fully integrated automated testing solution for C/C++ scales across your SDLC and product engineering. The solution’s unique position affords deep experience and expertise in the embedded software market to help you meet your needs related to cybersecurity and safety compliance.
With seamless tool integration support to calibrate your CI/CD pipeline, Parasoft can automate cybersecurity and safety in development workflows to speed up the production of software that powers the modern road vehicle. Parasoft enables product teams to get to market more quickly, safely, and confidently.
Request a demo to learn how to build the right test for your cybersecurity and safety needs.
Frequently Asked Questions
Like traditional cybersecurity, connected vehicles require protection against malicious attacks, breaches, or manipulation. Product developers must adhere to standards for automotive security for systems like E/E systems, control algorithms, and more.
Incorporating safeguards makes sense as vehicles move toward more IoT-centered connectivity.
To ensure compliance with guidelines like CERT C or MISRA, certain tools such as a static code analyzer should be used. These can help you find weaknesses, validate TARA (threat analysis and risk assessment), and will enhance consistency regarding cybersecurity activities.
“MISRA”, “MISRA C” and the triangle logo are registered trademarks of The MISRA Consortium Limited. ©The MISRA Consortium Limited, 2021. All rights reserved.
There are a ton of acronyms and initializations these days. But each one serves a unique purpose with its own meaning as below.
