Code is the new fuel for a modern car, which is more dependent on code than on petrol. Nowadays, a car is powered by a network of 70 to 100 electronic control units (ECUs) which constantly communicate over a Controller Area Network (CAN). Indeed, it takes 100 million[1] lines of code for a modern car to function, and that figure is expected to rise to 300 to 500 million. In contrast, a Boeing 787 Dreamliner runs on 12 million lines of code[2].
The complexity of software in a car and the multi-tier supply chain have raised many challenges for quality, functionality and security testing. Moreover, the WP.29 regulations by UNECE mandate frameworks essential for connected cars in the areas of cyber security and software updates.
asvin has designed and developed a novel solution to improve overall DevOps process integrity testing using distributed and decentralized technologies. It consists of a Distributed Software Bill of Materials (D-SBOM)[4] and secure software supply chain services.
The D-SBOM service aims to pioneer the creation of a list of software constituents, and its storage and retrieval, using distributed ledger technology (DLT). Additionally, the objective of the secure software supply chain services is to trace software from its development to its installation. Each event in the software lifecycle will be recorded on a distributed ledger.
Both services will help in establishing an unbroken chain of ownership, software provenance, transparency, security, trust and integrity for the DevOps process in the automobile industry. A ledger is inherently immutable and secure. Therefore, the solution will strengthen and streamline the process of auditing and adherence to compliance requirements set by government and regulatory institutions.