Cybersecurity company OneKey has introduced a joint solution with Escrypt CycurRISK to enhance vulnerability management in software-defined vehicles (SDVs).
Escrypt CycurRISK is a software tool for threat analysis and risk assessment from ETAS, a company that specializes in embedded automotive cybersecurity solutions.
Under UN Regulation 155, OEMs must monitor, detect and respond to vulnerabilities in their vehicles. This involves identifying the software components and versions in each vehicle, maintaining this data in a software bill of materials (SBOM) and managing a potentially extensive list of vulnerabilities.
The combined solution leverages OneKey’s capabilities to manage and validate SBOMs, detect vulnerabilities and auto-prioritize them. OneKey automates the generation of SBOMs from binaries without requiring source code access and identifies both known vulnerabilities (CVEs) and unknown ones (zero-days).
Concurrently, Escrypt CycurRISK facilitates the creation and maintenance of threat analyses and risk assessments (TARAs), which provide context for assessing the impact of potential attacks on vehicle components. According to ETAS, the insights from CycurRISK help prioritize the most critical vulnerabilities.
This collaboration aims to simplify the process of handling numerous vulnerabilities by giving developers a filtered and prioritized list, allowing them to focus on the critical areas of software improvement.
Future developments in this collaboration include integrating feedback from vulnerability management back into the TARA to keep risk assessments current. Plans are also underway to create a more integrated ecosystem by incorporating other ETAS cybersecurity products, such as Escrypt CycurGUARD and Escrypt CycurFUZZ, to increase the effectiveness of vulnerability management in SDVs.