TOP 3 STRATEGIES TO REDUCE RISK IN AUTOMOTIVE/IN-VEHICLE SOFTWARE DEVELOPMENT

Go beyond error detection to ensure safety and security
TABLE OF CONTENTS

The Three Biggest Challenges
    Ensure compliance with safety norms and standards
    Meet security requirements
    Reduce defects in complex high-risk embedded code
Embedded Development Is Different
Conclusion
Developing in-vehicle embedded applications is a safety, security, and quality challenge. Given that cars and trucks are increasingly connected to each other and to the devices around them, it's becoming harder and harder to ensure that software is functional and free from risk. Development teams, especially the managers who are ultimately responsible, face incredible challenges when building such applications, and are learning that team members need to do more than just catch code defects during verification and validation testing. The new imperative: identify and address security and compliance concerns earlier in the lifecycle, all while delivering innovative and differentiating features.
It's getting harder to write in-vehicle embedded software, given today's interconnected world. Like all software development teams, automotive software development teams must focus on being innovative, meeting product requirements, and delivering on time and within budget. Unlike other software development teams, automotive teams also have to keep customers safe from harm and ensure that defects never put their companies in news headlines.

Vehicles are becoming more complicated, with an ever-increasing number of microprocessors and networks controlling telematics systems, safety features like blind-spot sensors and night-time pedestrian alerts, and even self-parking systems and adaptive airbags. What's more, connectivity encompasses features such as cellular-based accident reporting systems and Bluetooth-enabled video screens. The list of computerized functions in newer cars would be longer than this paper, and that doesn't include smartphone apps or accessories like Global Positioning Systems or diagnostic devices.

Development teams creating software for embedded automotive systems need to ensure that their applications are defect-free; that's a given, whether it's the control system for Dynamic Stability Control, tire-pressure monitoring code, or the built-in Pandora radio app. But defect-free is not enough. Members of the team, including programmers and testers, need visibility into the code, because they may not know exactly what is happening during normal run time, exceptions, and error handling. Development tools should help teams create in-vehicle code that is safe and secure during the programming cycle, and validate that safety and security during testing. The tools should also help the team write code that is fully compliant with automotive industry requirements and best practices for all safety-critical applications.
Compliance, safety, and security requirements may not be familiar to new development teams moving into the embedded software field, or to experienced embedded teams who aren't used to today's hypercomplex interconnected systems. Modern software tools should actively assist throughout every step of the development lifecycle, from coding to testing, and from regular defect reports to mandated compliance audits. At the same time, tools should enhance the team's productivity, using domain knowledge to get the job done faster, with smart automation and context-aware functionality, as well as traceability to help isolate any problems that may occur.

Why is this necessary? Because, frankly, automotive and other such systems are increasingly complex, and complexity can lead to vulnerability and risk. Consider news out of Black Hat USA 2014, where security experts demonstrated their ability to penetrate vehicle networks. Chris Valasek, director of vehicle security research at IOActive, discussed the remote connectivity capabilities in vulnerable 2014 and 2015 car and SUV models: "They have cellular communications, Bluetooth communications, regular radio communications. They have an Internet app for your phone, and an app for your car. And there's a lot of cyberphysical features. The car can brake itself. There's power-assisted steering. Things like that."

With modern, advanced tools, defects and compliance issues can be detected early and remediated quickly. Without such tools, developers must learn all of the industry requirements and ensure that they are coding to meet those requirements. Some defects and issues may be caught during compilation, a debug cycle, or even during manual code reviews. There is always the risk, however, that defects and compliance issues will evade detection until late in the cycle, or perhaps slip past quality-assurance efforts and be deployed into production systems.
THE THREE BIGGEST CHALLENGES

For years, automotive software teams have relied on manual testing or test tools to catch coding defects and identify issues that would affect safety and compliance. If such issues can be uncovered sooner and more effectively, development teams can accelerate the software delivery process, and also reduce risk, reduce cost, and ship safer, more secure code. The following are some of the biggest issues that, while not unique to in-vehicle systems, are certainly exacerbated by today's complexity and connectivity trends:

1. Ensure compliance with safety norms and standards.

Numerous organizations around the world issue safety standards for embedded software, and many of those apply to the automotive world. For example, MISRA, formerly known as the Motor Industry Software Reliability Association, publishes MISRA C, a set of coding guidelines that restricts the C programming language to a safer subset and is periodically updated to keep code written in that language safe. A recent update addressed hazards in the mainline C99 language that automotive and other safety-critical development teams should avoid. Other organizations that offer guidance and rules for safety-critical applications include the Institute of Electrical and Electronics Engineers (IEEE), the International Organization for Standardization (ISO), and the U.S. Department of Transportation. In most cases, software written by automotive development teams must comply with the latest versions of many safety specifications. Modern tools should help development teams comply with safety norms by suggesting coding best practices, flagging questionable code, and revealing concerns during code checking and the testing portions of the lifecycle; in other words, as early as possible.

2. Meet security requirements.

Similarly to the safety norms and standards, many organizations offer guidance and requirements for ensuring that automotive and other critical embedded code is kept secure.
The threats aren't only those seen in the movies, where a person with a smartphone takes control of someone's car; they also involve ensuring that cars stay locked, wireless keys can't be bypassed, Bluetooth communications can't be monitored, and critical vehicle software can't be maliciously modified in any way. Even data flowing within a vehicle's own network often must be encrypted, and the network must be hardened against attack. Standards and security bodies that offer guidance and issue requirements for embedded code security include the IEEE, the U.S. National Highway Traffic Safety Administration (NHTSA), the Common Weakness Enumeration (CWE) from The MITRE Corp., the Open Web Application Security Project (OWASP), and SAE International. To use one example, in 2011 the NHTSA launched an initiative called the Cyber Security and Safety of Motor Vehicles Equipped with Electronic Control Systems.

A modern tool set for automotive developers can provide visibility into the applications through source code analysis, simulation, and tracing during runtime. Reports and audits can help ensure that the code is, well, up to code. Simulation lets developers and QA teams see how the software will run, even if the hardware is not yet ready. Tracing provides logs and analysis that follow the source code and binary code as executed by the (real or simulated) microprocessor, so that hard-to-fix defects can be tied back to their root causes.

3. Reduce defects in complex high-risk embedded code.

While automotive and in-vehicle systems have their own specific requirements for safety and security, they still must comply with the quality requirements for all embedded code. Memory leaks, untrapped exceptions, unchecked stacks and buffers, misplaced pointers, problems with array indexes, and errors in error handlers are all problems that can be caused by any number of factors.
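The defect classes just listed (unchecked buffers, bad array indexes, untrapped errors) are exactly what static analysis and code review look for in embedded C. As an added example, not code from this paper or from Rogue Wave, the decoder below for a small fixed-format message shows the checks that close each of them: every length and index read from the frame is validated before it is used, no memory is allocated so nothing can leak, and every path returns an explicit status. The frame layout, the signal table, the status codes and the sample frames are assumptions constructed for this illustration, not any real vehicle protocol.

```c
/* Added example, not from the Rogue Wave paper: a fixed-format frame
 * decoder written to avoid the defect classes listed above. Frame layout,
 * signal table, status codes and sample frames are all assumptions made
 * for this illustration, not any real vehicle protocol. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define SIGNAL_COUNT     16U  /* entries in the signal table (assumed) */
#define MAX_PAYLOAD      8U   /* largest payload a frame may carry (assumed) */
#define FRAME_HEADER_LEN 2U   /* byte 0: signal id, byte 1: payload length */

typedef enum {
    DECODE_OK = 0,
    DECODE_ERR_NULL,          /* null frame or table pointer */
    DECODE_ERR_SHORT_FRAME,   /* frame shorter than its own header */
    DECODE_ERR_BAD_LENGTH,    /* length field exceeds buffer or frame */
    DECODE_ERR_BAD_ID         /* signal id outside the table */
} decode_status_t;

typedef struct {
    uint8_t  payload[MAX_PAYLOAD];
    uint8_t  length;
    uint32_t update_count;
} signal_t;

/* Decode one frame into the signal table. Every value taken from the
 * frame is checked before it is used as a length (buffer overrun) or as
 * an index (array index error). No dynamic memory is used, so nothing can
 * leak, and every path sets a status, so no error goes untrapped. */
decode_status_t decode_frame(const uint8_t *frame, size_t frame_len,
                             signal_t *table)
{
    decode_status_t status = DECODE_OK;

    if ((frame == NULL) || (table == NULL)) {
        status = DECODE_ERR_NULL;
    } else if (frame_len < FRAME_HEADER_LEN) {
        status = DECODE_ERR_SHORT_FRAME;
    } else {
        const uint8_t id  = frame[0];
        const uint8_t len = frame[1];

        if ((len > MAX_PAYLOAD) ||
            ((size_t)len > (frame_len - FRAME_HEADER_LEN))) {
            status = DECODE_ERR_BAD_LENGTH;  /* untrusted length rejected */
        } else if (id >= SIGNAL_COUNT) {
            status = DECODE_ERR_BAD_ID;      /* untrusted index rejected */
        } else {
            memcpy(table[id].payload, &frame[FRAME_HEADER_LEN], len);
            table[id].length = len;
            table[id].update_count++;
        }
    }
    return status;  /* single exit point */
}

/* Constructed sample frames: one well-formed, three malformed. */
static const uint8_t FRAME_GOOD[]    = { 0x03U, 0x02U, 0xABU, 0xCDU };
static const uint8_t FRAME_BAD_LEN[] = { 0x03U, 0x20U, 0x00U };  /* claims 32 bytes */
static const uint8_t FRAME_BAD_ID[]  = { 0x7FU, 0x01U, 0x00U };  /* id 127 >= 16 */
static const uint8_t FRAME_TRUNC[]   = { 0x03U, 0x04U, 0x01U };  /* claims 4, carries 1 */

/* Clear the table, feed it the sample frames, and return how many frames
 * the decoder rejected. */
unsigned int run_samples(signal_t *table)
{
    unsigned int rejected = 0U;
    memset(table, 0, sizeof(signal_t) * SIGNAL_COUNT);
    if (decode_frame(FRAME_GOOD,    sizeof FRAME_GOOD,    table) != DECODE_OK) { rejected++; }
    if (decode_frame(FRAME_BAD_LEN, sizeof FRAME_BAD_LEN, table) != DECODE_OK) { rejected++; }
    if (decode_frame(FRAME_BAD_ID,  sizeof FRAME_BAD_ID,  table) != DECODE_OK) { rejected++; }
    if (decode_frame(FRAME_TRUNC,   sizeof FRAME_TRUNC,   table) != DECODE_OK) { rejected++; }
    return rejected;
}

int main(void)
{
    signal_t table[SIGNAL_COUNT];
    unsigned int rejected = run_samples(table);
    /* 3 of the 4 constructed frames are rejected; signal 3 holds 0xAB 0xCD */
    return ((rejected == 3U) && (table[3].length == 2U)) ? 0 : 1;
}
```

The checks are deliberately ordered so the length field is validated against both the fixed buffer size and the bytes actually present before the id is ever used as an index; a reviewer or static analyzer can then confirm that `memcpy` and `table[id]` are only reached on validated values. Build with `-std=c99 -Wall` and the program exits 0 when the decoder behaves as described.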
While most programming errors can be caught during manual code review in a testing phase, this consumes valuable time and pushes error detection to potentially days or weeks after the code was written. It's more effective, and also more educational for the development team, to catch the bugs right in their Integrated Development Environment (IDE, also known as a code editor), or when code is checked into the source code repository. Development and test tools help by flagging defects early in the lifecycle: right as individual programmers are typing, if possible; if not, as soon as possible thereafter. Bugs caught early can be remediated early, keeping the project on track and reducing the possibility that the bugs might evade detection later.

EMBEDDED DEVELOPMENT IS DIFFERENT

Software teams in the non-embedded enterprise world, such as those writing websites, database applications, or even mobile phone apps, have considerable experience with IDEs and other tools that detect bugs and security, safety, and compliance issues early, such as while coding or when checking source code into a repository. Traditionally, such functionality has not been as common in the embedded software world. Experienced embedded development teams may not be familiar with those tools; non-embedded teams beginning work in the automotive space may not realize that their tools don't offer that functionality. What's more, development teams coming from the enterprise world are not used to such rigid norms and specifications as those from groups like the NHTSA or MISRA. Outside the embedded world, security, safety, and compliance issues may not be life-threatening, and in many organizations, agile software processes allow for rapid code iterations where buggy code is deployed, and then the bugs are detected and remediated later in a future release. That's not how the embedded world works, and we can all be grateful for that.
Rogue Wave Software lives in both the embedded and enterprise development worlds, and has created the leading portfolio of tools to assist embedded development teams with safety, security, compliance, and error detection and prevention.

CONCLUSION

Security compliance, safety compliance, and defect reduction are huge goals, not only for meeting a product's technical requirements, costs, and deadlines, but also for keeping people safe. This has never been truer than with today's increasingly software-based cars and trucks, and with the increased threat profile due to radio-based interconnectivity and sophisticated in-vehicle apps. Rogue Wave Software's portfolio of embedded development solutions can help improve code quality, safety, and compliance throughout the development lifecycle, from architecture to coding, and testing to deployment. Visit www.roguewave.com.

Rogue Wave provides software development tools for mission-critical applications. Our trusted solutions address the growing complexity of building great software and accelerate the value gained from code across the enterprise. Rogue Wave's portfolio of complementary, cross-platform tools helps developers quickly build applications for strategic software initiatives. With Rogue Wave, customers improve software quality and ensure code integrity, while shortening development cycle times.

© 2014 Rogue Wave Software, Inc. All Rights Reserved