CYMOTIVE’s Security Engineering Lifecycle Model
The Risk Analysis provides clear visibility on the cyber threats and attack vectors to the vehicle’s Electrical Control Units (ECUs), Systems, and Architecture. For every identified risk, mitigations and controls are proposed while taking into account the context of automotive constraints.
Based on the identified risks, CYMOTIVE’s security architects formulate the desired security specification for the implicated components, functions, and systems. The security specification is then presented to the relevant supplier(s) to ensure implementation criteria are cut clear.
Continuous technical review of the supplier’s implementation of agreed security specifications. The process ensures no gap is present as a result of a human error or an implementation fault.
Security testing is conducted on selected samples to validate that the functionality and functions meet the security requirements defined in the security specifications.
A broad range of Hardware and Software Penetration Testing. Whether Black, Gray or White box hacking, the goal is always the same: to identify missing requirements, faulty implementation, incomplete testing, etc.
CYMOTIVE’s Pen Testing methodology combines hardware hacking techniques with a unique Purple approach, giving us a distinct edge in the Penetration Testing domain.