The new ISO/SAE 21434 increases the requirement for security testing in the automotive domain. Car manufacturers must now provide advanced security tests for each software component, as part of the validation process. This includes either, penetration testing, vulnerability scanning and/or fuzz testing. But especially the early adoption of fuzz testing is currently becoming best practice among German car manufacturers.

This has two reasons: (1) Integrating fuzzing into their CI/CD helps them to achieve ISO 21434 compliance, and (2) fuzz testing enables them to cope with the growing dependencies in automotive software. Continental HMI for instance used white-box fuzzing approaches, to simulate their hardware dependencies. This specific fuzz testing approach, which my colleagues and I developed, enabled them to achieve a code coverage of more than 95% in most of their modules [1].

During the session, I will demonstrate how we improved Continentals HMI’s code coverage, and we will also discuss strategies how you can apply these fuzz testing approaches to your own software.

Related Articles:
[1] How Continental Managed to Test 18.000 Lines of Code Within Only One Week https://www.code-intelligence.com/fuzzing-use-case-automtive-continental