Comprehensive industry survey reveals key cyber security challenges facing automotive development teams and the current status of DevSecOps implementations at OEMs and automotive suppliers
PlaxidityX, a world leader in automotive cyber security, published its annual report about DevSecOps insights from automotive software developers. This research report provides a view of the current state of DevSecOps adoption within the automotive industry.
DevSecOps is a practice that integrates security seamlessly throughout the software development lifecycle. Given its potential to mitigate risks, shorten time-to-market, and reduce costs by identifying vulnerabilities earlier in the development process, DevSecOps has started to be adopted by both OEMs and their suppliers to address the complex security challenges of software-defined vehicles (SDVs).
While most automotive manufacturers use general purpose enterprise security tools to implement DevSecOps, 83% of them are also using automotive specific tools. This suggests that general purpose tools are not optimized for the unique challenges of automotive software development, as required by automotive cyber security regulation and industry standards.
The report offers insights and in-depth analysis of data collected from an extensive survey of hundreds of professionals across key roles in automotive software development, engineering and security at both OEM and Tier 1/2 companies in North America, Europe and Asia. It sheds light on the barriers companies face developing automotive software, as well as the key benefits that DevSecOps provides to those who have already begun this journey.
The following insights are among the key findings in the full report:
- Automotive development teams are increasingly burdened by product security complexity. The survey found that 63% of respondents spend at least 20% of their time on security-related tasks. This issue is compounded by the reliance on multiple security tools, with 55% of respondents using between 7-10 separate tools. This complexity detracts from product innovation and impedes development processes.
- The majority of respondents (76%) rate their security tools as “not very effective.” While 40% of security teams rate their tools as very effective, this is true for only 20% of R&D and engineering teams. This disparity highlights a significant pain point for development teams, which view security tools as a hindrance to productivity.
- OEMs see product quality as the main benefit of DevSecOps, while suppliers cite enhanced customer confidence. Cost reduction, cited by only 9% of respondents, takes a back seat, indicating a mature understanding of cyber security’s role in delivering high-quality, secure products.
“The findings in our report underscore the transformation of the industry over the past few years to support the development of software-defined vehicles, with almost every company either planning or implementing DevSecOps,” said Ran Ish-Shalom, VP Strategy and Product at PlaxidityX. “As OEMs and their suppliers reinvent themselves as software developers, they are highly aware of the importance of cyber security – not just to reduce costs, but as a way to improve product quality and enhance customer confidence.”
Also Read: From Afterthought to Agenda: Why Data Security Now Dominates the Boardroom
[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]
