TOP 3 STRATEGIES TO REDUCE RISK IN AUTOMOTIVE/IN-VEHICLE SOFTWARE DEVELOPMENT
|
|
- Ursula Lawson
- 7 years ago
- Views:
Transcription
1 TOP 3 STRATEGIES TO REDUCE RISK IN AUTOMOTIVE/IN-VEHICLE SOFTWARE DEVELOPMENT Go beyond error detection to ensure safety and security
2 TABLE OF CONTENTS The Three Biggest Challenges...4 Ensure compliance with safety norms and standards...5 Meet security requirements...5 Reduce defects in complex high-risk embedded code...5 Embedded Development Is Different...6 Conclusion...6 2
3 Developing in-vehicle embedded applications is a safety, security, and quality challenge. Given that cars and trucks are increasingly connected to each other and to the devices around them, it s becoming harder and harder to ensure that software is functional and free from risk. Development teams, especially the managers who are ultimately responsible, face incredible challenges when building such applications, and are learning that team members need to do more than just catch code defects during verification and validation testing. The new imperative: Identify and address security and compliance concerns earlier in the lifecycle, all while delivering innovative and differentiating features. 3
4 It s getting harder to write in-vehicle embedded software, given today s interconnected world. Like all software development teams, automotive software development teams must focus on being innovative, meeting product requirements, and delivering on time and within budget. Unlike other software development teams, automotive teams also have to keep customers safe from harm and ensure that defects never put their companies in news headlines. Vehicles are becoming more complicated, with an ever-increasing number of microprocessors and networks controlling telematics systems, safety features like blind-spot sensors and night-time pedestrian alerts, and even self-parking systems and adaptive airbags. What s more, connectivity encompasses features such as cellular-based accident reporting systems and Bluetooth-enabled video screens. The list of computerized functions in newer cars would be longer than this paper and that doesn t include smartphone apps or accessories like Global Positioning Systems or diagnostic devices. Development teams creating software for embedded automotive systems need to ensure that their applications are defect-free; that s a given, whether it s the control system for Dynamic Stability Control, tire-pressure monitoring code, or the built-in Pandora radio app. But defect-free is not enough. Members of the team, including programmers and testers, need to have visibility into the code, and may not know exactly what s happening during normal run-time, exception, and error-handling. Development tools should help teams create in-vehicle code that is safe and secure during the programming cycle, as well as validate that safety and security during testing. The tools should also help the team write code that is fully compliant with automotive industry requirements and best practices for all safety critical applications. Compliance, safety, and security requirements may not be familiar to new development teams moving into the embedded software field or to experienced embedded teams who aren t used to today s hypercomplex interconnected systems. Modern software tools should actively assist throughout every step of the development lifecycle, from coding to testing, and from regular defect reports to mandated compliance audits. At the same time, tools should enhance the team s productivity, using domain knowledge to get the job done faster, with smart automation and context-aware functionality, as well as traceability to help isolate any problems that may occur. Why is this necessary? Because, frankly, automotive and other such systems are increasingly complex, and complexity can lead to vulnerability and risk. Consider news out of Black Hat USA 2014, where security experts demonstrated their ability to penetrate vehicle networks. Chris Valasek, director of vehicle security research at IOActive, discussed the remote connectivity capabilities in vulnerable 2014 and 2015 car and SUV models: They have cellular communications, Bluetooth communications, regular radio communications. They have an Internet app for your phone, and an app for your car. And there s a lot of cyberphysical features. The car can brake itself. There s power-assisted steering. Things like that. With modern, advanced tools, defects and compliance issues can be detected early and remediated quickly. Without such tools, developers must learn all of the industry requirements and ensure that they are coding to meet those requirements. Some defects and issues may be caught during compilation, a debug cycle, or even during manual code reviews. There is always the risk, however, that defects and compliance issues will evade detection until late in the cycle or perhaps slip past quality-assurance efforts and be deployed into production systems. THE THREE BIGGEST CHALLENGES For years, automotive software teams have relied on manual testing or test tools to catch coding defects and identify issues that would affect safety and compliance. If such issues can be uncovered sooner and more effectively, development 4
5 teams can accelerate the software delivery process, and also reduce risk, reduce cost, and ship safer, more secure code. The following are some of the biggest issues that, while not unique to in-vehicle systems, are certainly exacerbated by today s complexity and connectivity trends: 1. Ensure compliance with safety norms and standards. Numerous organizations around the world issue safety standards for embedded software, and many of those apply to the automotive world. For example, MISRA, formerly known as the Motor Industry Software Reliability Association, has its own dialect of the C programming language called MISRA C which is periodically updated to ensure the safety of code written in that language. A recent update addressed hazards in the mainline C99 language that automotive and other safety-critical development teams should avoid. Other organizations that offer guidance and rules for safety-critical applications include the Institute of Electrical and Electronics Engineers (IEEE), the International Organization for Standardization, and the U.S. Department of Transportation. In most cases, software written by automotive development teams must comply with the latest versions of many safety specifications. Modern tools should help development teams comply with safety norms by suggesting coding best practices, flagging questionable code, and revealing concerns during code-checking and the testing portions of the lifecycle in other words, as early as possible. 2. Meet security requirements. Similarly to the safety norms and standards, many organizations offer guidance and requirements for ensuring that automotive and other critical embedded code is kept secure. The threats aren t only those seen in the movies, where a person with a smartphone takes control of someone s car they also involve ensuring that cars stay locked, wireless keys can t be bypassed, Bluetooth communications can t be monitored, and critical vehicle software can t be maliciously modified in any way. Even data flowing within a vehicle s own network often must be encrypted, and the network must be hardened against attack. Standards and security bodies that offer guidance and issuing requirements for embedded code security include the IEEE, the U.S. National Highway Transportation Safety Administration (NHTSA), the Common Weakness Enumeration from The MITRE Corp., the Open Web Application Security Project, and SAE International. To use one example, in 2011 the NHTSA launched an initiative called the Cyber Security and Safety of Motor Vehicles Equipped with Electronic Control Systems. A modern tool set for automotive developers can provide visibility into the applications, through source code analysis, simulation, and tracing during runtime. Reports and audits can help ensure that the code is, well, up to code. Simulation lets developers and QA teams see how the software will run, even if the hardware is not yet ready. Tracing provides logs and analysis that follow the source code and binary code as executed by the (real or simulated) microprocessor, so that hard-to-fix defects can be tied back to their root causes. 3. Reduce defects in complex high-risk embedded code. While automotive and in-vehicle systems have their own specific requirements for safety and security, they still must comply with the quality requirements for all embedded code. Memory leaks, untrapped exceptions, unchecked stacks and buffers, misplaced pointers, problems with array indexes, and errors in error handlers are all problems that can be caused by any number of factors. 5
6 While most programming errors can be caught during manual code review in a testing phase, this consumes valuable time and pushes error detection to potentially days or weeks after the code was written. It s more effective and also more educational for the development team to catch the bugs right in their Integrated Development Environment (IDE, also known as a code editor), or when code is checked into the source code repository. Development and test tools help by flagging defects early in the lifecycle right as individual programmers are typing, if possible; if not, as soon as possible thereafter. Bugs caught early can be remediated early, keeping the project on track and reducing the possibility that the bugs might evade detection later. EMBEDDED DEVELOPMENT IS DIFFERENT Software teams in the non-embedded enterprise world such as those writing websites, database applications, or even mobile phone apps have considerable experience with IDEs and other tools that detect bugs, security, safety, and compliance issues early, such as while coding or when checking source code into a repository. Traditionally, such functionality has not been as common in the embedded software world. Experienced embedded development teams may not be familiar with those tools; non-embedded teams beginning work in the automotive space may not realize that their tools don t offer that functionality. What s more, development teams coming from the enterprise world are not used to such rigid norms and specifications as those from groups like the NHTSA or MISRA. Outside the embedded world, security, safety, and compliance may not be life-threatening, and in many organizations, agile software processes allow for rapid code iterations where buggy code is deployed, and then the bugs are detected and remediated later in a future release. That s not how the embedded world works and we can all be grateful for that. Rogue Wave Software lives in both the embedded and enterprise development world, and has created the leading portfolio of tools to assist embedded development teams with safety, security, compliance, and error detection and prevention. CONCLUSION Security compliance, safety compliance, and defect reduction are huge goals, not only for meeting a product s technical requirements, costs, and deadlines, but also for keeping people safe. This has never been truer than with today s increasingly software-based cars and trucks, and with the increased threat profile due to radio-based interconnectivity and sophisticated in-vehicle apps. Rogue Wave Software s portfolio of embedded development solutions can help improve code quality, safety, and compliance throughout the development lifecycle, from architecture to coding, and testing to deployment. Visit Rogue Wave provides software development tools for mission-critical applications. Our trusted solutions address the growing complexity of building great software and accelerates the value gained from code across the enterprise. Rogue Wave s portfolio of complementary, cross-platform tools helps developers quickly build applications for strategic software initiatives. With Rogue Wave, customers improve software quality and ensure code integrity, while shortening development cycle times Rogue Wave Software, Inc. All Rights Reserved
Car Cybersecurity: What do the automakers really think? 2015 Survey of Automakers and Suppliers Conducted by Ponemon Institute
Car Cybersecurity: What do the automakers really think? 2015 Survey of Automakers and Suppliers Conducted by Ponemon Institute 1 Executive Summary The Ponemon Institute recently conducted a cybersecurity
More informationEnhance visibility into and control over software projects IBM Rational change and release management software
Enhance visibility into and control over software projects IBM Rational change and release management software Accelerating the software delivery lifecycle Faster delivery of high-quality software Software
More informationSecure software updates for ITS communications devices
Secure software updates for ITS communications devices - International Standardization Activity in ITU-T SG17 - Masashi Eto, Senior researcher, Cybersecurity laboratory, Network security research institute,
More informationWhite Paper. Automating Your Code Review: Moving to a SaaS Model for Application Security
White Paper Automating Your Code Review: Moving to a SaaS Model for Application Security Contents Overview... 3 Executive Summary... 3 Code Review and Security Analysis Methods... 5 Source Code Review
More informationStatic Analysis Best Practices
Static Analysis Best Practices This is the first in a series of interviews in which Adam Kolawa Parasoft CEO and Automated Defect Prevention: Best Practices in Software Management (Wiley-IEEE, 2007) co-author
More informationCreating Competitive Advantage: The role for ALM in the PLM world
Creating Competitive Advantage: The role for ALM in the PLM world Michael Azoff Principal Analyst, Ovum michael.azoff@ovum.com Version 9 Oct, 2014 1 Copyright Ovum. All rights reserved. Ovum is a subsidiary
More informationIMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE
IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle
More informationREDUCE YOUR OPEN SOURCE SECURITY RISK: STRATEGIES, TACTICS, AND TOOLS
REDUCE YOUR OPEN SOURCE SECURITY RISK: STRATEGIES, TACTICS, AND TOOLS Open source security must be a priority While there s no doubt that open source software (OSS) is here to stay, that doesn t mean that
More informationPREVENTING ZERO-DAY ATTACKS IN MOBILE DEVICES
PREVENTING ZERO-DAY ATTACKS IN MOBILE DEVICES Ira Winkler Codenomicon Session ID: MBS-W05 Session Classification: Intermediate Zero Day Attacks Zero day attacks are rising in prominence They tend to be
More informationAdvanced Testing Methods for Automotive Software
Advanced Testing Methods for Automotive Software Madison Turner, Technology Analyst Accelerated Technology, a Mentor Graphics Division Recent history attests to the need for improved software testing methods
More informationThe relevance of cyber-security to functional safety of connected and automated vehicles
The relevance of cyber-security to functional safety of connected and automated vehicles André Weimerskirch University of Michigan Transportation Research Institute (UMTRI) February 12, 2014 Introduction
More informationCapitalizing on The Internet of Things
Capitalizing on The Internet of Things March 2016 Capitalizing on The Internet of Things Table of Contents Executive summary... 2 Transforming from a product business into a service business... 2 The core
More informationManaging Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services
Managing Vulnerabilities for PCI Compliance White Paper Christopher S. Harper Managing Director, Agio Security Services PCI STRATEGY Settling on a PCI vulnerability management strategy is sometimes a difficult
More informationApplication Security in the Software Development Lifecycle
Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO
More informationCisco Advanced Malware Protection for Endpoints
Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview With today s sophisticated malware, you have to protect endpoints before, during, and after attacks. Cisco Advanced Malware Protection
More informationAdopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.
Security solutions To support your IT objectives Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services. Highlights Balance effective security with
More informationCentralized Secure Vault with Serena Dimensions CM
Centralized Secure Vault with Serena Dimensions CM A single artifact repository for development, quality and operations SOLUTION BRIEF Why Security and Software engineering We re a bank not a startup,
More informationSubmitted at: http://www.regulations.gov/#!submitcomment;d=nhtsa-2014-0108-0001
December 8, 2014 Docket Management Facility U.S. Department of Transportation 1200 New Jersey Avenue SE. West Building Ground Floor, Room W12-140 Washington, DC 20590-0001 Submitted at: http://www.regulations.gov/#!submitcomment;d=nhtsa-2014-0108-0001
More informationAdopting Agile Testing
Adopting Agile Testing A Borland Agile Testing White Paper August 2012 Executive Summary More and more companies are adopting Agile methods as a flexible way to introduce new software products. An important
More informationContinuous integration End of the big bang integration era
Continuous integration End of the big bang integration era Patrick Laurent Partner Technology & Enterprise Applications Deloitte Mario Deserranno Manager Technology & Enterprise Applications Deloitte The
More informationA Channel Company White Paper. Online Security. Beyond Malware and Antivirus. Brought to You By:
A Channel Company White Paper Online Security Beyond Malware and Antivirus Brought to You By: Abstract Security has always encompassed physical and logical components. But in the face of Bring Your Own
More informationQUICK GUIDE. How to Select an Effective Mobile Workforce Management Solution. How to Select an Effective Mobile Workforce Management Solution
QUICK GUIDE How to Select an Effective Mobile Workforce Management Solution 1 How to Select an Effective Mobile Workforce Management Solution This Quick Guide will cover: What a comprehensive Mobile Workforce
More informationSystems Engineering: Development of Mechatronics and Software Need to be Integrated Closely
White Paper Systems Engineering: Development of Mechatronics and Software Need to be Integrated Closely Introduction Products from automobiles to mobile phones contain an increasing amount of software
More informationDevelopment Testing for Agile Environments
Development Testing for Agile Environments November 2011 The Pressure Is On More than ever before, companies are being asked to do things faster. They need to get products to market faster to remain competitive
More informationProductivity Through Open Source Policy Compliance
Productivity Through Open Source Policy Compliance This article is part of a series on how Rational Collaborative Lifecycle Management (CLM) solutions support software development compliance. Today the
More informationSoftware: Driving Innovation for Engineered Products. Page
Software: Driving Innovation for Engineered Products Software in products holds the key to innovations that improve quality, safety, and ease-of-use, as well as add new functions. Software simply makes
More informationALM/Quality Center. Software
HP ALM/Quality Center Software Datasheet Page 1 of 8 HP Application Lifecycle Management software In today s rapidly changing business world, business agility depends on IT agility. And predictable, high
More informationAn Overview of NHTSA s Electronics Reliability and Cybersecurity Research Programs Paper ID 15-0454 Abstract
An Overview of NHTSA s Electronics Reliability and Cybersecurity Research Programs Authors(s): Arthur Carter, David Freeman, and Cem Hatipoglu National Highway Traffic Safety Administration (NHTSA) Paper
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationControl your corner of the cloud.
Chapter 1 of 5 Control your corner of the cloud. From the halls of government to the high-rise towers of the corporate world, forward-looking organizations are recognizing the potential of cloud computing
More informationEffective Software Verification for Medical Devices
STERLINGTECH AND KLOCWORK WHITE PAPER NOVEMBER 2009 Effective Software Verification for Medical Devices Achieving compliance and meeting productivity goals with static analysis In addition to producing
More informationSatisfying ASIL Requirements with Parasoft C++test Achieving Functional Safety in the Automotive Industry
Satisfying Requirements with Parasoft C++test Achieving Functional Safety in the Automotive Industry Introduction Safety functions are increasingly being carried out by electrical, electronic, or programmable
More informationNEC Managed Security Services
NEC Managed Security Services www.necam.com/managedsecurity How do you know your company is protected? Are you keeping up with emerging threats? Are security incident investigations holding you back? Is
More informationGENIVI FAQ. What is the GENIVI Alliance?
GENIVI FAQ What is the GENIVI Alliance? GENIVI Alliance is a non-profit consortium of over 180 automotive industry companies promoting the collaboration and deployment of open source software in the automotive
More informationHow To Understand The Power Of The Internet Of Things
Next Internet Evolution: Getting Big Data insights from the Internet of Things Internet of things are fast becoming broadly accepted in the world of computing and they should be. Advances in Cloud computing,
More informationEnabling Continuous Delivery by Leveraging the Deployment Pipeline
Enabling Continuous Delivery by Leveraging the Deployment Pipeline Jason Carter Principal (972) 689-6402 Jason.carter@parivedasolutions.com Pariveda Solutions, Inc. Dallas,TX Table of Contents Matching
More informationSECURE AND MANAGE YOUR MOBILE FLEET Freedome for Business
SECURE AND MANAGE YOUR MOBILE FLEET Freedome for Business TAKE CONTROL OF MOBILE SECURITY In the age of mobile work, safeguarding the network perimeter is not easy. Poorly protected smartphones are now
More informationKey Benefits of Microsoft Visual Studio Team System
of Microsoft Visual Studio Team System White Paper November 2007 For the latest information, please see www.microsoft.com/vstudio The information contained in this document represents the current view
More informationITEC441- IS Security. Chapter 15 Performing a Penetration Test
1 ITEC441- IS Security Chapter 15 Performing a Penetration Test The PenTest A penetration test (pentest) simulates methods that intruders use to gain unauthorized access to an organization s network and
More informationSmarter Balanced Assessment Consortium. Recommendation
Smarter Balanced Assessment Consortium Recommendation Smarter Balanced Quality Assurance Approach Recommendation for the Smarter Balanced Assessment Consortium 20 July 2012 Summary When this document was
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationAugmented Search for Software Testing
Augmented Search for Software Testing For Testers, Developers, and QA Managers New frontier in big log data analysis and application intelligence Business white paper May 2015 During software testing cycles,
More informationQuality Programs for Regulatory Compliance
Quality Programs for Regulatory Compliance Roy Garris, IconATG Regulatory Compliance Practice Manager (866) 785-4266 http://www.iconatg.com info@iconatg.com Version 1.00 Application Vulnerabilities Put
More informationSoftware & Supply Chain Assurance: Mitigating Risks Attributable to Exploitable ICT / Software Products and Processes
Software & Supply Chain Assurance: Mitigating Risks Attributable to Exploitable ICT / Software Products and Processes Joe Jarzombek, PMP, CSSLP Director for Software & Supply Chain Assurance Stakeholder
More informationSecure Shell User Keys and Access Control in PCI-DSS Compliance Environments
A Secure Shell Key Management White Paper Secure Shell User Keys and Access Control in PCI-DSS Compliance Environments Emerging trends impacting PCI-DSS compliance requirements in secure shell deployments
More informationHow To Protect Your Network From Attack From A Network Security Threat
Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your
More informationSecurity in the smart grid
Security in the smart grid Security in the smart grid It s hard to avoid news reports about the smart grid, and one of the media s favorite topics is security, cyber security in particular. It s understandable
More informationSecuring the Microsoft Cloud
Securing the Microsoft Cloud Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and consumers to fully embrace and benefit from
More informationSAFECode Security Development Lifecycle (SDL)
SAFECode Security Development Lifecycle (SDL) Michael Howard Microsoft Matthew Coles EMC 15th Semi-annual Software Assurance Forum, September 12-16, 2011 Agenda Introduction to SAFECode Security Training
More informationSafeguarding Company IT Assets through Vulnerability Management
A Guidance Consulting White Paper P.O. Box 3322 Suwanee, GA 30024 678-528-2681 http://www.guidance-consulting.com Safeguarding Company IT Assets through Vulnerability Management By Guidance Consulting,
More informationSECURITY FIRST: AN ESSENTIAL GUIDE TO PENETRATION TESTING
WHITE PAPER SMART THINKING. DELIVERED. SECURITY FIRST: AN ESSENTIAL GUIDE TO PENETRATION TESTING WWW.SERVERCHOICE.COM INTRODUCTION Penetration testing, or pen tests, can be a confusing subject for many
More informationManaging Vulnerabilities For PCI Compliance
Managing Vulnerabilities For PCI Compliance Christopher S. Harper Vice President of Technical Services, Secure Enterprise Computing, Inc. June 2012 NOTE CONCERNING INTELLECTUAL PROPERTY AND SOLUTIONS OF
More informationCycurHSM An Automotive-qualified Software Stack for Hardware Security Modules
CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules Dr. Frederic Stumpf, ESCRYPT GmbH Embedded Security, Stuttgart, Germany 1 Introduction Electronic Control Units (ECU) are embedded
More informationInformation Security Services
Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual
More informationImproving Web Application Security by Eliminating CWEs Weijie Chen, China INFSY 6891 Software Assurance Professor Dr. Maurice Dawson 15 December 2015
Improving Web Application Security by Eliminating CWEs Weijie Chen, China INFSY 6891 Software Assurance Professor Dr. Maurice Dawson 15 December 2015 1 P a g e ABSTRACT This study examined improving web
More informationModern SOA Testing. A Practitioners Guide to. July 2011
A Practitioners Guide to Modern SOA Testing Gaurish Hattangadi Abstract Today s dynamic business needs are shaping the modern IT industry. Lower costs and faster time to market have propelled forward market-changing
More informationBUSINESS GUIDE SECURING YOUR SOFTWARE FOR THE MOBILE APPLICATION MARKET THE LATEST CODE SIGNING TECHNOLOGY
SECURING YOUR SOFTWARE FOR THE MOBILE APPLICATION MARKET THE LATEST CODE SIGNING TECHNOLOGY Now from CONTENTS 1 THE CHALLENGE 1 A BRIEF REVIEW OF CODE SIGNING 2 THE SOLUTION 2 HOW THE CODE SIGNING PORTAL
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationEnergy, Oil and Gas WHAT COULD YOU DO WITH WIRELESS? Fleet Productivity and Management
BUSINESS S FOR Energy, Oil and Gas 4G LTE: THE NEXT- GENERATION VERIZON WIRELESS NETWORK FOR ENERGY, OIL AND GAS A wireless revolution is underway that promises to transform how your business operates.
More informationPEMS Conference. Acquiring Data from In-Vehicle Networks. Rick Walter, P.E. HEM Data Corporation
PEMS Conference Acquiring Data from In-Vehicle Networks Rick Walter, P.E. HEM Data Corporation Acquiring Data from In-Vehicle Networks Topics Overview/Benefits Heavy Duty J1939 protocol Available J1939
More informationWhat is Application Lifecycle Management? At lower costs Get a 30% return on investment guaranteed and save 15% on development costs
What is Application Lifecycle Management? Increase productivity Stop wasting your time doing things manually by automating every step in your project s Life Cycle At lower costs Get a 30% return on investment
More informationThe Internet of Things: 4 security dimensions of smart devices
The Internet of Things: 4 security dimensions of smart devices Like all major technological revolutions, digital transformation is spreading over many areas: home automation, physical security, mobility,
More informationIntrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks
Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323
More informationSECURITY: THE KEY TO AFFORDABLE UNMANNED AIRCRAFT SYSTEMS. By Alex Wilson, Director of Business Development, Aerospace and Defense
SECURITY: THE KEY TO AFFORDABLE UNMANNED AIRCRAFT SYSTEMS By Alex Wilson, Director of Business Development, Aerospace and Defense EXECUTIVE SUMMARY Cost efficiency and affordability will always be key
More informationHP Fortify Software Security Center
HP Fortify Software Security Center Proactively Eliminate Risk in Software Trust Your Software 92% of exploitable vulnerabilities are in software National Institute for Standards and Technology (NIST)
More informationSoftware: Driving Innovation for Engineered Products
Software: Driving Innovation for Engineered Products Software in products holds the key to innovations that improve quality, safety, and ease-of-use, as well as add new functions. Software simply makes
More informationGETTING STARTED WITH ANDROID DEVELOPMENT FOR EMBEDDED SYSTEMS
Embedded Systems White Paper GETTING STARTED WITH ANDROID DEVELOPMENT FOR EMBEDDED SYSTEMS September 2009 ABSTRACT Android is an open source platform built by Google that includes an operating system,
More informationDigital Business Services Topic Area Theaters May 17-19, 2016 Orlando, FL
Digital Topic Area Theaters May 17-19, 2016 Orlando, FL Session ID Title Abstract Time and Location DB34027 Exploit Business Benefit Cases to Accelerate and Improve Processes DB34011* DB34008 DB34051*
More informationDatacenter Hosting - The Best Form of Protection
Datacenter Hosting Scalable Technology and Insurance for Your Business nsacom.com Datacenter Hosting Scalable Technology and Insurance for Your Business Datacenter Hosting Gives You the Best of Both Worlds
More informationEnterprise Security Tactical Plan
Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise
More informationIs Your Identity Management Program Protecting Your Federal Systems?
Is Your Identity Management Program Protecting Your Federal Systems? With the increase in integrated, cloud and remote technologies, it is more challenging than ever for federal government agencies to
More informationCisco Advanced Malware Protection
Solution Overview Cisco Advanced Malware Protection Breach Prevention, Detection, Response, and Remediation for the Real World BENEFITS Gain unmatched global threat intelligence to strengthen front-line
More informationJBoss. choice without compromise
JBoss Enterprise Middleware choice without compromise JBOSS ENTERPRISE APPLICATION PLATFORMS: CHOICE WITHOUT COMPROMISE The JBoss open choice strategy In today s dynamic business world, the need to quickly
More informationBest Practices for Network Monitoring
Enabling a Converged World Best Practices for Network Monitoring How a Network Monitoring Switch Helps IT Teams Stay Proactive 915-6509-01 Rev A February 2012 Contents Monitoring Challenges in Today s
More informationBuilding a Mobile App Security Risk Management Program. Copyright 2012, Security Risk Advisors, Inc. All Rights Reserved
Building a Mobile App Security Risk Management Program Your Presenters Who Are We? Chris Salerno, Consultant, Security Risk Advisors Lead consultant for mobile, network, web application penetration testing
More informationSTATIC CODE ANALYSIS IN AN AGILE WORLD. Establishing a repeatable process to achieve working software with each iteration
STATIC CODE ANALYSIS IN AN AGILE WORLD Establishing a repeatable process to achieve working software with each iteration To keep pace with ever-increasing customer demands on software functionality and
More informationGuidance on the Use of Portable Storage Devices 1
Guidance on the Use of Portable Storage Devices Introduction Portable storage devices ( PSDs ) such as USB flash memories or drives, notebook computers or backup tapes provide a convenient means to store
More informationThe research area of SET group is software engineering, and model-based software engineering in particular:
Introduction The research area of SET group is software engineering, and model-based software engineering in particular: Given the high-tech software-intensive industry in the Eindhoven region, we consider
More informationecommerce and Retail Rainforest QA enables ecommerce companies to test highly visual user interfaces and customer experience and flow.
ecommerce and Retail Rainforest QA enables ecommerce companies to test highly visual user interfaces and customer experience and flow. ecommerce lives and dies by a great user experience, which in turn
More informationWHITE PAPER. Five Steps to Better Application Monitoring and Troubleshooting
WHITE PAPER Five Steps to Better Application Monitoring and Troubleshooting There is no doubt that application monitoring and troubleshooting will evolve with the shift to modern applications. The only
More informationWho, What, Where, How: Five Big Questions in Mobile Security
Who, What, Where, How: Five Big Questions in Mobile Security Jacob West CTO, Fortify Products HP Enterprise Security Session ID: ASEC-R31 Session Classification: Intermediate Why is mobile security an
More informationClosing Wireless Loopholes for PCI Compliance and Security
Closing Wireless Loopholes for PCI Compliance and Security Personal information is under attack by hackers, and credit card information is among the most valuable. While enterprises have had years to develop
More informationSolutions for Quality Management in a Agile and Mobile World
Solutions for Quality Management in a Agile and Mobile World with IBM Rational Quality Management Solutions Realities can stall software-driven innovation Complexities in software delivery compounded by
More informationDoes the Federal government require them? No, the Federal government does not require manufacturers to install EDRs.
EDR Q&As THE BASICS What is an EDR? What is its purpose? An Event Data Recorder (EDR) is a function or device installed in a motor vehicle to record technical vehicle and occupant information for a brief
More informationTHE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS
THE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS By Bill Graham and Michael Weinstein INNOVATORS START HERE. EXECUTIVE SUMMARY Driven by the convergence of cloud technology, rapidly growing data
More informationModerator: Benjamin McGee, CISSP Cyber Security Lead SAIC
From Security Assessment to Vulnerability Remediation: The Realities of Deploying a Cloud-Based Application Risk Management Solution Moderator: Benjamin McGee, CISSP Cyber Security Lead SAIC Setting the
More informationIMPROVING VULNERABILITY MANAGEMENT EFFECTIVENESS WITH APPLICATION SECURITY MONITORING
IMPROVING VULNERABILITY MANAGEMENT EFFECTIVENESS WITH APPLICATION SECURITY How runtime application security monitoring helps enterprises make smarter decisions on remediation 2 ABSTRACT Enterprises today
More informationA Strategic Approach to Web Application Security
WhiteHat Security White Paper A Strategic Approach to Web Application Security Extending security across the entire software development lifecycle Jerry Hoff WhiteHat Security The problem: websites are
More informationCoverity White Paper. Managing Risk: Ensure Software Quality and Security Across the Automotive Supply Chain
Managing Risk: Ensure Software Quality and Security Across the Automotive Supply Chain January 2012 The Automotive industry is undergoing a radical transformation. There s been tremendous industry consolidation
More informationHow Nokia deployed AirWatch MDM for Nokia Lumia
How Nokia deployed AirWatch MDM for Nokia Lumia Case Study 2 Contents 1 Challenge...3 1.1 AirWatch MDM pilot...3 1.2 Challenge of full MDM deployment...4 2 Preparing for deployment...6 2.1 Lessons learned
More informationMinimizing code defects to improve software quality and lower development costs.
Development solutions White paper October 2008 Minimizing code defects to improve software quality and lower development costs. IBM Rational Software Analyzer and IBM Rational PurifyPlus software Kari
More informationComputing Infrastructure Risk
Issue, Analysis, and Recommendation Lynn Robert Carter 2008-12 12-2323 Copyright 2008, Lynn Robert Carter Agenda Computing infrastructure at risk The root cause Solution elements are known Barriers to
More informationEffective Software Security Management
Effective Software Security Management choosing the right drivers for applying application security Author: Dharmesh M Mehta dharmeshmm@mastek.com / dharmeshmm@owasp.org Table of Contents Abstract... 1
More informationDevOps: Development Challenges and New Approaches
DevOps: Development Challenges and New Approaches Chris Sharp STSM, Chief Architect SWG Europe DevOps IBM Master Inventor, Member of IBM Academy of Technology Agenda The Problem and the Need for Change
More informationIn-Flight Mechanics A Software Package Management Conversion Project
In-Flight Mechanics A Software Package Management Conversion Project Philip J. Hollenback Yahoo, Inc. Overview Over the course of most of 2009 I acted as the technical lead on a software package management
More informationMobility. Mobility is a major force. It s changing human culture and business on a global scale. And it s nowhere near achieving its full potential.
Mobility arrow.com Mobility This year, the number of mobile devices is expected to exceed the world s population. Soon, smartphones will surpass PCs as the device of choice for Internet access. A startling
More informationCheck Point and Security Best Practices. December 2013 Presented by David Rawle
Check Point and Security Best Practices December 2013 Presented by David Rawle Housekeeping o Mobiles on Silent o No File Alarms planned o Fire exits are in front and behind and down the stairs o Downstairs
More informationChoosing the Right ERP Solution:
Choosing the Right ERP Solution: 3 CRITERIA FOR SUCCESS Table of Contents 1 2 Who We Are 3 The Key to Better Business Performance 4 ERP as the Focal Point of Your Business 5 Why Some ERP Solutions Fail
More information