Building Resilient SDVs: Secure by Design in the Automotive Industry
Secure by Design principles can address risk, protecting everything from infotainment systems to autonomous software platforms and even specific ECUs.
Modern vehicles contain upward of 100 million lines of code and growing. The emergence of autonomous vehicles and software-defined vehicles (SDVs) means cars often run 100-plus applications, turning them into “software on wheels.”
More software means more opportunities for attackers to target vulnerable systems and code. Recently, we’ve seen security flaws that led to privacy leaks and the ability to remotely control vehicle functions.
There are lessons to be learned from Secure by Design principles and software development best practices that can address the risk to automotive systems, protecting everything from infotainment systems to autonomous software platforms and even specific ECUs.
Implementing security: standards and frameworks supporting Secure by Design
Secure by Design is a collection of development practices embedded within the software development lifecycle to proactively address and reduce vulnerabilities before they can be exploited.
The automotive industry faces significant challenges in implementing software development best practices due to its intricate supply chain. OEMs must navigate a web of suppliers, each contributing software-integrated components, while also managing legacy vehicles that depend on patches and over-the-air updates to address vulnerabilities.
In recent years, a number of standards and certifications have emerged with the goal of supporting security within automotive software development. These include the AUTOSAR standards, which established a standardized software architecture for automotive ECUs and a common framework for automotive software development to enhance collaboration between OEMs and suppliers.
The POSIX (Portable Operating System Interface) standard also plays an important role in automotive software security, supporting the development of secure vehicle software architectures for real-time operating systems, SDVs, and ECUs.
Additionally, ISO 26262, though primarily focused on safety, includes guidance for software development and ASIL (Automotive Safety Integrity Level) certification for safety-critical code, such as for autonomous braking and Advanced Driver Assistance Systems.
Examples of applying security to automotive software
ECUs and autonomous software
Today’s vehicles often contain 100-150 ECUs. These embedded systems run real-time operating systems on which the software applications are built. ECUs are primarily programmed in C and C++ because of their real-time performance and efficiency in resource-constrained environments.
However, C/C++ is memory unsafe, leaving these systems vulnerable to memory-based attacks. A successful exploit of a memory-based vulnerability can enable remote code execution and the compromise of critical systems, leading to vehicle safety and reliability concerns.
A key Secure by Design principle is to use memory-safe languages wherever possible or, where that is not possible, to apply mitigations that prevent successful exploitation. AUTOSAR standards include best practices for protection against memory corruption attacks, along with guidance for developing AUTOSAR-compliant code and safety-critical (ASIL) software in these languages.
Tight coordination with the RTOS provider to ensure memory-safe best practices are followed and mitigations are in place, together with sound discipline around application scanning, fixing, and patching, is essential to ensure vehicle software is resilient against attack.
Until over-the-air (OTA) updates become consistently mainstream, and regardless of whether OTA updates are available for a given vehicle, achieving memory safety in applications built on an RTOS is necessary for cybersecurity.
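The memory-corruption risk described above, shown in C as an added example (not code from the article, from RunSafe, or from AUTOSAR): a length-prefixed ECU frame parser in the unchecked form that trusts the declared length, beside the hardened form that validates the length against both the destination buffer and the bytes actually received. The frame layout and the sample frames are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical fixed-layout ECU frame, constructed for this example:
 *   byte 0       : message id
 *   byte 1       : declared payload length N
 *   bytes 2..N+1 : payload (at most MAX_PAYLOAD bytes) */
#define MAX_PAYLOAD 8

typedef struct {
    uint8_t id;
    uint8_t len;
    uint8_t payload[MAX_PAYLOAD];
} ecu_msg_t;

/* Unchecked pattern: the declared length is trusted and used as the copy size,
 * so a frame declaring len > MAX_PAYLOAD writes past payload[] on the stack. */
int parse_msg_unsafe(const uint8_t *frame, size_t frame_len, ecu_msg_t *out) {
    if (frame_len < 2) return -1;
    out->id = frame[0];
    out->len = frame[1];
    memcpy(out->payload, frame + 2, out->len);   /* BUG: out->len is unchecked */
    return 0;
}

/* Hardened form: every length is validated against both the destination
 * buffer and the number of bytes actually received before any copy. */
int parse_msg_safe(const uint8_t *frame, size_t frame_len, ecu_msg_t *out) {
    if (frame == NULL || out == NULL || frame_len < 2) return -1; /* no header */
    uint8_t len = frame[1];
    if (len > MAX_PAYLOAD) return -2;              /* would overflow payload[] */
    if ((size_t)len + 2 > frame_len) return -3;    /* would read past the frame */
    memset(out, 0, sizeof *out);
    out->id = frame[0];
    out->len = len;
    memcpy(out->payload, frame + 2, len);
    return 0;
}

/* Constructed sample frames: valid, oversize declared length (0x20 = 32), truncated. */
static const uint8_t FRAME_GOOD[]      = {0x10, 0x03, 0xAA, 0xBB, 0xCC};
static const uint8_t FRAME_OVERSIZE[]  = {0x10, 0x20, 0x01};
static const uint8_t FRAME_TRUNCATED[] = {0x10, 0x04, 0x01, 0x02};

/* Returns the hardened parser's result code for a frame (0 = accepted). */
int parse_result(const uint8_t *frame, size_t frame_len) {
    ecu_msg_t m;
    return parse_msg_safe(frame, frame_len, &m);
}
```

The same validation discipline applies wherever a length or offset arrives from outside the ECU, and compiler hardening and runtime exploit prevention are the backstop for the checks that get missed.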
Infotainment systems
Because of increasing connectivity, infotainment systems are high-value targets on SDVs and connected vehicles. Infotainment systems are both attack vectors for obtaining data and location information and on-ramps to other vehicle systems, like ADAS and key engine control units.
The underlying operating systems for infotainment and telematics systems often use Android. Following the Secure by Design principle of sourcing secure software components is important for protecting these systems. Ideally, an OEM or component supplier should build the Android operating system from source, giving it control over the components that are incorporated and compiled. By building from source, it can also insert security protections, like runtime exploit prevention, to protect the software, including against memory-based vulnerabilities, which are an easy access point into vehicle systems.
Connecting vehicle safety and security
While safety is often the primary focus for vehicle manufacturers and OEMs, with the software-driven vehicles of today, security is becoming a critical component of safety. When you consider the millions of lines of code behind connected systems, ADAS, and autonomous vehicles, the potential to exploit that code has increased exponentially.
By following software development best practices, manufacturers can build more resilient, trustworthy vehicles that protect both consumer data and critical system functionality. Those practices include prioritizing memory safety in critical systems like ECUs and infotainment, building software components from trusted sources, implementing comprehensive security testing throughout development, and maintaining ongoing vulnerability management and patch processes.
The road to secure software-defined vehicles requires commitment, collaboration, and a forward-thinking approach to automotive cybersecurity.
Joseph Saunders is founder and CEO of RunSafe Security.