Common Vulnerability Considerations as an Integral Part of the Automotive Cybersecurity Engineering Process 2022-28-0304

In the present scenario, the automotive industry is driven by information technology. Most of the innovations such as automotive interconnectivity, e-mobility, automotive electronics are data-driven systems to decide and to act on the functionality of vehicle architecture. Connectivity has its own concerns about message spoofing, tampering, and increased privacy-focused information hardening by exploiting weak points. Weaknesses ends up in a vulnerability resulting in legal consequences, reputation, cost of recalls, installation of software package bug fixes. Vulnerability tracking and control are taken into consideration because of the incident responses for on-avenue vehicles. Several weaknesses associated with degreed vulnerabilities are documented in databases like CWE (common weakness enumeration) and CVE (common vulnerability and exposures) respectively, significantly to automotive, it’s miles obvious that most of the methods employed by the attackers are known and reused strategies. To build secure systems of road vehicles, the cybersecurity engineering standard ISO21434[11] suggests the evaluation of vulnerabilities throughout engineering process, such as attack path analysis, system requirement stage, software architecture, design, and implementation and testing phases. With my analysis and practices, it is appropriate to include the common vulnerabilities that ought to be an integral part of the automotive cybersecurity engineering process.

In this paper, the author would like to provide a list of vulnerabilities that might be a suggestion for threat analysis and risk assessment and propose two solutions that may be adopted directly in the V-model for security-relevant software development.