Software Vulnerability Management

Performing risk assessments at the vehicle software component level is challenging for numerous reasons. The amount of code involved is staggering, access to the code may be restricted, and the overall process depends on all the providers in the automotive OEM’s complex supply chain. Automated scanning of binaries can reduce the challenge to a manageable scale. Combined with the HARMAN OTA solution, an OEM’s binaries repository can now benefit from periodic scanning of all managed components.

Software Supply Chain Protection

“As an automaker, we have little visibility into the source code and potential vulnerabilities that lie within it. HARMAN Software vulnerability management solution provides alerts to component-level vulnerabilities throughout the supply chain and further assesses the risk and impact of zero-day vulnerabilities while shortening response time from identification to full recovery.”

Connected car executive, London

Software Vulnerability Management

With this new cybersecurity add-on, automakers can now be notified about potential component-level vulnerabilities throughout the supply chain, further assess the risk and its impact, and plan for risk mitigation. HARMAN OTA can help automakers initiate relevant software campaigns to make their vehicles more secure and future-proof.


Identify and Manage Component-Level Vulnerabilities

The OTA Software vulnerability add-on allows automated triggering of binary scans for cybersecurity vulnerabilities. It applies a cybersecurity “risk score” to binaries under HARMAN OTA solution management, assesses the impact of vulnerable software binaries on the fleet and provides an additional supporting tool for campaign initiation decisions.

Continuous updates to the threat intelligence database of Common Vulnerabilities and Exposures (CVEs) and proprietary threat data mean OEMs are notified quickly of zero-day vulnerabilities and are able to assess their impact on production vehicles.

  • Automated scanning of binaries prior to activating update campaigns.
  • An up-to-date security score helps OEMs identify risk level when deploying software components.
  • Continuous monitoring of deployed binaries, with identification of and alerting on zero-day vulnerabilities.
  • Full impact analysis at the binary level to assess level of OEM fleet exposure.
  • OEMs notified quickly of zero-day vulnerabilities, enabling them to assess their impact on production vehicles.
  • Increases visibility into binaries and potential vulnerabilities.
  • Binaries tested regularly for new vulnerabilities, preventing any potential attacks and future-proofing automakers.
  • Enables timely response to any potential vulnerabilities.