Role of SAST and SCA in ISO/SAE 21434 – Road Vehicles Cybersecurity Engineering
As a leading developer of software-assurance and advanced cybersecurity solutions, GrammaTech helps its customers and partners solve the most challenging software issues and safeguards mission-critical software and devices from failure and cyberattack.
As cars become more connected and complex, the amount of software needed is staggering, with 100 million lines of code being standard for current vehicles and up to 300 million for autonomous vehicles. Along with this connectivity and complexity comes an ever-increasing cyber-attack surface. Battling this security threat and improving the cybersecurity engineering of automotive software is the goal of ISO/SAE 21434.
This relatively new standard is a descendant of the existing ISO 26262 standard for automotive safety with the intended goal of defining objectives, requirements and guidelines for securing electrical and electronic systems in automobiles.
Rather than evaluating each major clause of ISO/SAE 21434 and analyzing how it applies to tools like SAST and SCA, this post looks at what the standard says about key areas of security and where these tools apply.