For the development phase of devices and components, a new software called VCode from Karamba Security offers manufacturers security validation. This ensures that the product software can be checked for security gaps and logical errors during the design and development phase and that it complies with current compliance guidelines. By integrating security testing into the continuous deployment process, companies save time and money on penetration testing at the end of the development cycle and on any costly post-test adjustments, the vendor claims.
VCode improves the protection of networked products by allowing developers to take security measures during the development process. Customers - in this case the developers of ADAS and other vehicle systems at automotive OEMs and tier ones - want to be informed about potential security vulnerabilities in their products and expect them to be addressed according to risk levels and compliance standards," said Tal Ben David, co-founder and VP R&D at Karamba. "In the complex, multi-tiered supply chain of software development, it is critical that all stakeholders work together on safety issues. VCode verification accelerates the entire development process and ensures improved security for automotive networked systems and ECUs".
In addition, Karamba is now launching another product, the XGuard Monitor, to complement and extend its existing XGuard Runtime Integrity software. It is an embedded Intrusion Detection System (IDS) - a software agent that continuously monitors embedded systems for potential threats. The agent reports suspicious activities at both device and fleet level to the respective company's cloud or backend systems, thus creating the greatest possible transparency. The system benefits from integration and runtime analysis at the binary code level. XGuard Monitor is thus able to detect data manipulation and so-called "low and slow" attacks. This is a hacker method in which external data packets can be introduced into systems because the security system considers them to be legitimate traffic due to their low data rate and size.