Risk management for automotive software supply chain

The automotive industry has long had to ensure that the high standards for the quality, reliability and security of a vehicle's physical components are met at every step of the manufacturing process. As cars become increasingly software-heavy, manufacturers must take new measures to make sure the embedded code in their vehicles poses no risk to the safety and security of their products. It is now time to treat software supply risk management as a key aspect of evaluating vehicle quality.

Because most car software components are developed by third parties and contain open source, using such software carries a significant security risk. This is why vigilant manufacturers are now adopting an SBOM (software bill of materials) to stay on top of the security and quality of procured software.

By starting their software risk management with an SBOM, manufacturers can guarantee that their final products adhere to industry security and compliance requirements. They will be able to detect vulnerabilities in open source components, make more informed security decisions while complying with the various security and licensing requirements, and use actionable vulnerability intelligence to secure vehicles against cybersecurity threats.
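The two checks described above (vulnerability detection and license compliance) are the kind of triage an SBOM makes possible. The following is an added illustration, not code from the article or any vendor: it parses a constructed CycloneDX-style SBOM fragment, matches components against a constructed advisory feed (placeholder advisory IDs, not real CVEs) and flags licenses outside a hypothetical OEM allowlist.

```python
"""Minimal SBOM triage: cross-check a CycloneDX-style component list against
an advisory feed and a license allowlist. All data below is constructed."""
import json

# Constructed CycloneDX-style SBOM fragment (component names are hypothetical).
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"name": "can-stack", "version": "2.3.1", "purl": "pkg:generic/can-stack@2.3.1",
     "licenses": [{"license": {"id": "MIT"}}]},
    {"name": "tls-lite", "version": "0.9.4", "purl": "pkg:generic/tls-lite@0.9.4",
     "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
    {"name": "json-parse", "version": "1.12.0", "purl": "pkg:generic/json-parse@1.12.0",
     "licenses": []}
  ]
}
"""

# Constructed advisory feed: affected package, first fixed version, placeholder id.
ADVISORIES = [
    {"name": "tls-lite", "fixed_in": "1.0.0", "id": "ADV-PLACEHOLDER-001"},
    {"name": "can-stack", "fixed_in": "2.2.0", "id": "ADV-PLACEHOLDER-002"},
]

# Licenses a hypothetical OEM policy accepts for shipped firmware.
LICENSE_ALLOWLIST = {"MIT", "BSD-3-Clause", "Apache-2.0"}

def version_key(v):
    # Numeric tuple comparison; sufficient for x.y.z version strings.
    return tuple(int(part) for part in v.split("."))

def triage(sbom_json, advisories, allowlist):
    """Return components below a fixed version and components whose license
    (or missing license) violates the allowlist."""
    bom = json.loads(sbom_json)
    vulnerable, license_issues = [], []
    for comp in bom["components"]:
        name, version = comp["name"], comp["version"]
        for adv in advisories:
            if adv["name"] == name and version_key(version) < version_key(adv["fixed_in"]):
                vulnerable.append((name, version, adv["id"]))
        # A component with no license entry is a finding too: it cannot be cleared.
        ids = [l["license"].get("id", "UNKNOWN") for l in comp.get("licenses", [])] or ["UNKNOWN"]
        license_issues.extend((name, lic) for lic in ids if lic not in allowlist)
    return {"vulnerable": vulnerable, "license_issues": license_issues}

if __name__ == "__main__":
    print(json.dumps(triage(SBOM_JSON, ADVISORIES, LICENSE_ALLOWLIST), indent=2))
```

A real deployment would pull advisories from a vulnerability database keyed on the purl and run this on every SBOM delivered with a supplier update.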

There is still a lot to learn about automobile security as more software goes into the final products, but implementing an SBOM is certainly a vital step for any manufacturer.

Source: scmagazine.com

