Argus Cyber Security Announces Automatic Software Bill of Materials (SBOM) Extraction Capability for AUTOSAR-Based ECUs

Breakthrough vulnerability management capability helps OEMs and Tier 1 suppliers to reduce cyber risk and comply with UN R155 and other regulations

TEL-AVIV, Israel, January 23, 2023 – Argus Cyber Security, a global leader in automotive cyber security, today announced that its Vehicle Vulnerability Management (VVM) product now offers automatic AUTOSAR S(SBOMBOM Extraction capabilities. This capability provides OEMs and Tier 1s with full visibility into the software composition of the AUTOSAR ECU components they are getting from their downstream suppliers.

Founded in 2003, AUTOSAR is the de facto standard for ECU development across the industry. To this day, most manufacturers view AUTOSAR ECUs as a “black box” and program the ECU to their needs without knowledge of the software components inside. Typical ECUs contain dozens of software libraries from multiple suppliers – all of which could possibly contain hidden vulnerabilities that are liable to affect critical vehicle features and functional safety (e.g., airbags, braking system).

Moreover, to comply with new cybersecurity regulations such as UNR155 and ISO 21434, OEMs and Tier 1s must be able to identify and mitigate vulnerabilities in their vehicle software, including code coming from Tier 1 and Tier 2 suppliers.

The new AUTOSAR SBOM Extraction capability specifically addresses the limited visibility into ECU code. Argus VVM can now be used to automatically extract the entire SBOM from AUTOSAR ECUs, including detailed version and vendor information. Once the SBOM provided by the OEM o Tier1 is extracted within Argus VVM, vulnerabilities are automatically detected and prioritized, allowing quick and efficient response to vulnerabilities that affect the ECUs.

“You can’t underestimate the importance of vehicle vulnerability management, as required by regulations such as UNR 155 and standards such as ISO/SAE 21434. But up until now, limited visibility into the SBOM of AUTOSAR-based control units made it difficult to get it done effectively.” Said Michael Robertson, Vice President, Head of Products and Strategy, Elektrobit. “Automatic AUTOSAR SBOM Extraction is a major leap forward for automotive cyber security”

Argus VVM new capability allows OEMs and Tier 1s to improve software quality and reduce development costs. This latest VVM offering provides immediate insights into what software packages are affected by vulnerabilities, on which ECUs, and in which vehicles, together with a precise impact analysis of each vulnerability.

About Argus Cyber Security

Argus, a global leader in cyber security for connected mobility, provides modular onboard and offboard-vehicle cyber security products and services to protect all forms of connected mobility against cyber attacks. Customers include vehicle manufacturers, their suppliers, and connected mobility providers. Argus’ vehicle cyber security team provides a broad range of services to help our customers integrate cyber security practices and processes into the entire product lifecycle and comply with regulations.

Argus’ innovative methods and solutions are based on decades of cyber security and automotive research and have culminated in over 70 granted and pending patents. Founded in 2014, Argus is headquartered in Israel, with offices in USA, Germany, France, Japan and Korea. Visit Argus Cyber Security at https://www.argus-sec.com.