Karamba’s binary scanning tools, for safer trucks and accelerated ISO/SAE 21434 compliance
We recently shared a case study about the use of Karamba Security’s VCode by a truck OEM. The customer aimed to meet its development and production schedules without compromising on product security.
The case study describes how the OEM was able to protect its legacy and new devices, as well as supplier components, without affecting time to market.
Product Security teams were seeking ways to check that development teams were adhering to best practices. For code written by suppliers, only the binary images are supplied, so tests such as Static Code Analysis are not possible.
The solution they were looking for would check pre-production components for risks, in alignment with ISO/SAE 21434, and would improve overall security over time, with every new update/version.
The manufacturer was looking for the optimal ways to obtain compliance via a Cyber Security Management System (CSMS): a combination of binary analysis, creation of SBOM data, CVE monitoring, and preparation of a cybersecurity plan that included both preventive and reactive measures.
VCode was chosen for the strength of its scan engine, which can analyze vehicle firmware including several RTOS and AUTOSAR variations, network components, and more; its ease of integration into automated CI/CD pipelines; its ability to generate comprehensive SBOM reports and other ISO/SAE 21434 and UN R155 documents; and its good performance, with binary scanning at a speed that allows teams to stick to their target build times.
The result: Tens of critical vulnerabilities and weaknesses were discovered and mitigated, including those in supplier components, without a need to expand cybersecurity teams. Subsequent pen testing indicated improvements in the vehicle’s overall cybersecurity posture.
As vehicle software processes become more complex, attention to cybersecurity protection is increasing. Using VCode, this OEM has been setting a new benchmark for security and compliance in the automotive industry.