Automotive and SBOM Applications – Security Boulevard

A chat with Hitachi America R&D director of cybersecurity research and director of the SBOM program at Automotive ISAC

Today’s cars have over 100 million lines of code, according to McKinsey and Co., and that’s not counting self-driving vehicles. The latest statistics from Code-Features estimate that there will be a billion lines of code in self-driving vehicles. The code developed for these vehicles also includes open source. At last check, there were 56 automobile-linked repositories on GitHub, which makes the requirement for SBOMs (software bills of materials) critically important for all software components running in today’s vehicles.

In November, the Automotive Information Sharing and Analysis Center (Automotive ISAC) launched a proof of concept (POC) for suppliers to provide a standard SBOM approach that all major automakers will accept. Charlie Hart, principal cybersecurity research analyst, Hitachi America R&D, leads this charge. Hart is a longtime technology executive at leading computer products and services companies who joined Hitachi in 2008. He is currently a Hitachi representative on U.S. government projects for the Departments of Commerce and Homeland Security, as well as for Automotive ISAC.

In this interview, Hart explains the importance of SBOMs at all levels of the automotive supply chain and how standardization helps developers, testers and integrators fix vulnerabilities before deployment.
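To make the standardization point concrete, the following is an added example (not code from the article, from Automotive ISAC or from Hitachi). It assumes two suppliers in a tiered supply chain each hand the integrator an SBOM in the SPDX 2.3 JSON layout, with each package carrying a purl external reference; the integrator merges the documents by purl and checks the inventory against an advisory feed. The supplier names, packages, versions and advisory identifiers are all constructed and hypothetical.

```python
"""Merge supplier SBOMs (SPDX 2.3 JSON layout) and match the inventory against advisories.

Added example, not code from the article, Automotive ISAC or Hitachi. All SBOM
content, supplier names and advisory identifiers below are constructed.
"""
import json


def spdx_package(spdx_id, name, version):
    """Build one SPDX package entry with a purl external reference (constructed data)."""
    return {"name": name, "SPDXID": spdx_id, "versionInfo": version,
            "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                              "referenceType": "purl",
                              "referenceLocator": f"pkg:generic/{name}@{version}"}]}


# Constructed tier-2 document: a library vendor describes only its own package.
TIER2_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "tls-lib-1.4.2",
    "packages": [spdx_package("SPDXRef-tlslib", "tls-lib", "1.4.2")],
    "relationships": [{"spdxElementId": "SPDXRef-DOCUMENT",
                       "relationshipType": "DESCRIBES",
                       "relatedSpdxElement": "SPDXRef-tlslib"}],
})

# Constructed tier-1 document: an ECU firmware that bundles the tier-2 library.
TIER1_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "telematics-fw-3.0.0",
    "packages": [spdx_package("SPDXRef-fw", "telematics-fw", "3.0.0"),
                 spdx_package("SPDXRef-dep1", "tls-lib", "1.4.2"),
                 spdx_package("SPDXRef-dep2", "json-parse", "0.9.1")],
    "relationships": [
        {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES",
         "relatedSpdxElement": "SPDXRef-fw"},
        {"spdxElementId": "SPDXRef-fw", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-dep1"},
        {"spdxElementId": "SPDXRef-fw", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-dep2"},
    ],
})

# Constructed advisory feed with hypothetical identifiers, keyed by purl without version.
ADVISORIES = [
    {"id": "ADV-0001", "package": "pkg:generic/tls-lib", "fixed_in": "1.4.3"},
    {"id": "ADV-0002", "package": "pkg:generic/json-parse", "fixed_in": "0.9.1"},
]


def parse_version(text):
    """Dotted numeric version -> tuple of ints, so '1.10.0' sorts after '1.4.3'."""
    return tuple(int(part) for part in text.split("."))


def purl_of(package):
    """Return the package's purl external reference, or None if the SBOM has none."""
    for ref in package.get("externalRefs", []):
        if ref.get("referenceType") == "purl":
            return ref["referenceLocator"]
    return None


def split_purl(purl):
    """'pkg:generic/tls-lib@1.4.2' -> ('pkg:generic/tls-lib', '1.4.2')."""
    base, _, version = purl.rpartition("@")
    return base, version


def load_components(sbom_text, supplier):
    """Index one SPDX JSON document by purl; record the supplier and DEPENDS_ON parents."""
    doc = json.loads(sbom_text)
    by_id, components = {}, {}
    for pkg in doc["packages"]:
        purl = purl_of(pkg)
        if purl is None:
            continue  # without a purl the package cannot be joined across suppliers
        by_id[pkg["SPDXID"]] = purl
        components[purl] = {"name": pkg["name"], "version": pkg["versionInfo"],
                            "suppliers": {supplier}, "depended_on_by": set()}
    for rel in doc.get("relationships", []):
        if rel["relationshipType"] == "DEPENDS_ON":
            parent = by_id.get(rel["spdxElementId"])
            child = by_id.get(rel["relatedSpdxElement"])
            if parent and child:
                components[child]["depended_on_by"].add(parent)
    return components


def merge_sboms(sboms):
    """Merge {supplier: sbom_json} into one purl-keyed inventory across the supply chain."""
    merged = {}
    for supplier, text in sboms.items():
        for purl, comp in load_components(text, supplier).items():
            if purl in merged:  # same purl from two tiers: same component, union the facts
                merged[purl]["suppliers"] |= comp["suppliers"]
                merged[purl]["depended_on_by"] |= comp["depended_on_by"]
            else:
                merged[purl] = comp
    return merged


def find_affected(components, advisories):
    """Match purl base names to advisories; affected only if version < fixed_in."""
    hits = []
    for purl, comp in components.items():
        base, version = split_purl(purl)
        for adv in advisories:
            if adv["package"] == base and parse_version(version) < parse_version(adv["fixed_in"]):
                hits.append({"advisory": adv["id"], "purl": purl,
                             "suppliers": sorted(comp["suppliers"]),
                             "depended_on_by": sorted(comp["depended_on_by"])})
    return sorted(hits, key=lambda hit: hit["advisory"])


if __name__ == "__main__":
    inventory = merge_sboms({"tier2-vendor": TIER2_SBOM, "tier1-ecu": TIER1_SBOM})
    for hit in find_affected(inventory, ADVISORIES):
        print(hit)
```

The join key is the purl rather than the package name because two suppliers will spell names and version strings differently; a shared identifier scheme is exactly what a standard SBOM format buys the integrator. Note the edge case in the constructed data: json-parse 0.9.1 equals the advisory's fixed_in version, so it is correctly not reported, while the tls-lib hit shows both suppliers that shipped it and the firmware package that pulls it in.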

Additional Automotive Supply Chain Resources:

GrammaTech’s white paper on MISRA automotive industry software compliance.

UN regulations to identify, assess and monitor cyber risks, including security by design, and provide safe and secure software updates.

DHS CISA develops guidelines for autonomous vehicles, while NIST provides continuing education in this area, including its Cybersecurity Supply Chain Risk Management (C-SCRM) guidelines.

The Linux Foundation operationalizes the SBOM through its SBOM projects, including SBOMs embedded in Automotive Grade Linux.

*** This is a Security Bloggers Network syndicated blog from Left shift, written by Deb Radcliff. Read the original post at:
