LDRA the leader in standards compliance, automated software verification, software code analysis, and test tools, today welcomed the news that ISO/SAE 21434 automotive cybersecurity standard has reached the Draft International Standard (DIS) stage. LDRA is committed to fully supporting the standard with enhancements to the LDRA tool suite® for Automotive as dictated by formal release of the standard.
Currently under development, ISO/SAE 21434 “Road vehicles – Cybersecurity engineering” is set to replace SAE J3061 “Cybersecurity Guidebook for Cyber-Physical Vehicle Systems.” SAE J3061 was published in 2016 as a recommended practice document that provided an engineering process framework for integration with other development processes for the comprehensive and systematic design of cybersecurity into vehicle systems. Today, ISO/SAE 21434 offers the promise of a substantial document with more detail than the high-level guiding principles of SAE J3061, which is therefore widely anticipated.
The automotive industry is accustomed to dealing with the prescriptive nature of established functional safety documents typified by ISO 26262 “Road vehicles – Functional safety”, which was published in 2011. However, a similar standard for automotive cybersecurity has lagged behind, creating an industry frustration, especially as connected vehicles have become targets for cybersecurity attacks.
“LDRA is an advocate of sound, secure coding principles, a keen supporter of the ISO/SAE 21434 standard, and an active participant in its development,” said Ian Hennell, Operations Director, LDRA. “However, ISO/SAE 21434 today is in draft stage, and we want to stress that at this time, substantial changes to its content are entirely possible.”
While advising extreme caution in basing any new product development on a DIS document, LDRA is confident that the guidance the organization can offer today represents current best practice. LDRA therefore anticipates that a substantial majority of that advice will be reflected in ISO/SAE 21434 when it is finalized.
Expanding on that view, Hennell stated, “LDRA is at the forefront of best-practice secure coding principles. We are committed to offering sound advice to the industry, and that includes consultation on the development of security-critical application code both now and in the future. Although it would be folly to base the advice we offer on a document that is far from finalized, you can rest assured that LDRA will be among the first to support ISO/SAE 21434 when its contents are confirmed.“
For more than 40 years, LDRA has developed and driven the market for software that automates code analysis and software testing for safety-, mission-, security-, and business-critical markets. Working with clients to achieve early error identification and elimination, and full compliance with industry standards, LDRA traces requirements through static and dynamic analysis to unit testing and verification for a wide variety of hardware and software platforms. Boasting a worldwide presence, LDRA has headquarters in the United Kingdom, United States, Germany, and India coupled with an extensive distributor network. For more information on the LDRA tool suite, please visit www.ldra.com