Building Secure Cars: Assuring the Automotive Software Development Lifecycle

Explores how the automotive industry can address the increased risks of cyberattacks and incorporate security into the software development lifecycle

While increased connectivity and advanced software-based automotive systems provide tremendous benefits and improved user experiences, they also make the modern vehicle highly susceptible to cybersecurity attacks. In response, the automotive industry is investing heavily in establishing cybersecurity engineering processes.

Written by a seasoned automotive expert with abundant international industry expertise, Building Secure Cars: Assuring the Software Development Lifecycle introduces readers to various types of cybersecurity activities, measures, and solutions that can be applied at each stage in the typical automotive development process.

This book aims to assist auto industry insiders build more secure cars by incorporating key security measures into their software development lifecycle. Readers will learn to better understand common problems and pitfalls in the development process that lead to security vulnerabilities. To overcome such challenges, this book details how to apply and optimize various automated solutions, which allow software development and test teams to identify and fix vulnerabilities in their products quickly and efficiently. This book balances technical solutions with automotive technologies, making implementation practical. Building Secure Cars is:

• One of the first books to explain how the automotive industry can address the increased risks of cyberattacks, and how to incorporate security into the software development lifecycle
• An optimal resource to help improve software security with relevant organizational workflows and technical solutions
• A complete guide that covers introductory information to more advanced and practical topics
• Written by an established professional working at the heart of the automotive industry
• Fully illustrated with tables and visuals, plus real-life problems and suggested solutions to enhance the learning experience

This book is written for software development process owners, security policy owners, software developers and engineers, and cybersecurity teams in the automotive industry. All readers will be empowered to improve their organizations' security postures by understanding and applying the practical technologies and solutions inside.

探討汽車產業如何應對日益增加的網絡攻擊風險，並將安全性納入軟體開發生命週期中。儘管增加的連接性和基於軟體的先進汽車系統帶來了巨大的好處和改善的用戶體驗，但也使現代車輛極易受到網絡安全攻擊的影響。為此，汽車產業正大力投資於建立網絡安全工程流程。

《建構安全汽車：確保軟體開發生命週期》是一本由經驗豐富的汽車專家撰寫的書籍，具有豐富的國際行業專業知識。本書向讀者介紹了在典型汽車開發過程的每個階段都可以應用的各種類型的網絡安全活動、措施和解決方案。

本書旨在幫助汽車行業內部人士在軟體開發生命週期中納入關鍵的安全措施，從而建造更安全的汽車。讀者將學習更好地理解開發過程中常見的問題和陷阱，這些問題和陷阱導致安全漏洞的出現。為了克服這些挑戰，本書詳細介紹了如何應用和優化各種自動化解決方案，使軟體開發和測試團隊能夠快速高效地識別和修復其產品中的漏洞。本書在技術解決方案和汽車技術之間取得平衡，使實施變得實用。

《建構安全汽車》具有以下特點：
- 首批解釋汽車產業如何應對日益增加的網絡攻擊風險，以及如何將安全性納入軟體開發生命週期的書籍之一
- 是一個優質資源，可通過相關的組織工作流程和技術解決方案來提高軟體安全性
- 是一本涵蓋入門知識到更高級和實用主題的完整指南
- 由在汽車行業核心工作的專業人士撰寫
- 以表格和視覺圖片為特色，並提供真實問題和建議的解決方案，以增強學習體驗

本書針對汽車行業中的軟體開發流程負責人、安全政策負責人、軟體開發人員和工程師以及網絡安全團隊等讀者群體。所有讀者都將通過理解和應用書中的實用技術和解決方案，提升其組織的安全狀態。

Dr. Dennis Kengo Oka is an automotive cybersecurity expert with more than 15 years of global experience in the automotive industry. He received his Ph.D. in Computer Science and Engineering, with a focus on automotive security, from Chalmers University of Technology in Sweden. In the past, Dennis has worked with Volvo Car Corporation in Sweden where he bootstrapped automotive security research for remote diagnostics and over-the-air updates on vehicles. He has also worked for the Bosch Group in Japan serving both Japanese and global customers. Specifically, Dennis co-launched the automotive security practice (ESCRYPT) in Japan and was the Head of Engineering and Consulting Asia-Pacific. Dennis has also been involved in several automotive standardization activities, including the development of fuzz testing guidelines and cybersecurity testing frameworks. He has over 60 publications consisting of conference papers, journal articles, and book chapters, and is a frequent public speaker at international automotive and cybersecurity conferences and events.

Dr. Dennis Kengo Oka 是一位擁有超過15年全球汽車行業經驗的汽車網路安全專家。他在瑞典查爾姆斯理工大學獲得了計算機科學和工程學博士學位，專攻汽車安全領域。過去，Dennis曾在瑞典的沃爾沃汽車公司工作，為車輛的遠程診斷和空中更新開展了汽車安全研究。他還曾在日本的博世集團工作，為日本和全球客戶提供服務。具體而言，Dennis在日本共同推出了汽車安全實踐（ESCRYPT），並擔任亞太地區的工程和諮詢負責人。Dennis還參與了多個汽車標準化活動，包括模糊測試指南和網路安全測試框架的開發。他發表了60多篇會議論文、期刊文章和專書章節，並經常在國際汽車和網路安全會議和活動上發表演講。