Navigating agile automotive software development

•Download as PPTX, PDF•

1 like•594 views

With many automotive organizations transforming development efforts towards agile methodologies, the need to redefine and establish security, safety, and quality standards and testing methods is more important than ever. How do we fit safety and security planning and tools into the adaptive development and rapid delivery practices of agile teams? In this second one-hour webinar you'll learn how to: - Integrate security and compliance testing with agile development - Provide context for fast triage and remediation - Create policies for code management in integrated testing environments

Software

Agenda
• A holistic approach to cybersecurity
• Blending DevOps and Agile for security
• How to implement a Jenkins CI system
• Examples of security defects
• Q&A
3© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED

A holistic approach to cybersecurity
© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 5
Information overload
Develop an adaptive threat
model
Threat
Model
External
Data
Internal
Threat
Metric
Action

© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 6
Threat model
Most breaches result from input trust issues
Threat modeling identifies, quantifies, and addresses
security risks by:
1. Understanding the application & environment
2. Identifying & prioritizing threats
3. Determining mitigation actions
Identify
assets
System
overview
Decompose
application
Identify
threats
Prioritize
threats

© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 7
Security overload
News
Blogs, social media
conferences
Security standards
OWASP, CWE, CERT, etc.
Senator Markey report
NVD, White Hat, Black Hat OEMs, internal
Media More and more software running inside
your car
Standards and legislation
Research Requirements
Developers don’t know security
(80% failed security knowledge survey)

Developing a threat metric
© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 8
Build score
• Automated and functional testing can give you a pass fail metric on every
run of the test suite
• A metric can be generated from penetration testing based on the number
of exploitable paths in your code base
• Software quality tools can give you a count of critical static analysis and
compiler warnings
• A metric can be developed based on the presence of snippets of open
source code previously undetected or open source with new known
vulnerabilities
• All of these metrics can be generated on every build of your software

Agile development: Integrated
security
© 2015 Rogue Wave Software, Inc. All Rights Reserved. 10
Adaptive
Accept
Sprint 1
Sprint 2
Sprint n
Release
Change
Adjust and Track
Feedback
Review
Next Iteration
No!
Yes!
Release
to
Market
Integrate
and Test
Integrate
and Test
Integrate
and Test
Multiple testing
points
Rapid feedback
required
“Outside” testing
does not meet
Agile needs

DevOps SDLC
11
Continuous
Integration
SDLC Step
UAT/
exploratory
testing
Functional
testing
Performance
load security
Release Deploy
Metric
Understand
Needs
Invent
Solution
Develop
Build
Commit
Idea
© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED

Jenkins CI
© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 13

Load, Performance, Security…Testing phase
© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 15
Load, Performance,
Security, … Testing

Develop, commit & build
© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 16

Develop, commit & build
© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 17

DevOps SDLC
18
Continuous
Integration
SDLC Step
UAT/
exploratory
testing
Functional
testing
Performance
load security
Release Deploy
Metric
Understand
Needs
Invent
Solution
Develop
Build
Commit
Idea
© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED

Conclusions
© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 19
The application security world is fluid
Create concrete,
actionable strategies
(Threat Metric, analysis & scanning)
Delivery cycles are short
Update regularly with
well-defined process
(Agile, CI)

See us in action:
www.roguewave.com
Jeff Hildreth | jeff.hildreth@roguewave.com

Navigating agile automotive software development

Visteon Electronics delivers innovative in-vehicle user experiences through its core automotive and consumer electronics-derived solutions in user interfaces, connectivity and open architectures. To do so effectively the organisation needs to be able to react to changing client needs, new industry trends, and deliver a rapid return on investment. To achieve these goals, a new "Agile" approach was sought, one that needed to cater for large, globally-distributed teams, integrating both software and hardware into the solutions being delivered. This presentation, originally delivered at the IBM Innovate 2014 conference, tells the story so far, the challenges faced, and the benefits that have been achieved.

Agile + ISO 26262: Using Agile in Automotive Development

Intland Software GmbH

The automotive industry has grown to rely on software more than many other, traditionally software-focused industries. Software development expertise is increasingly becoming the currency in automotive development. To cut costs and time to market, the adoption of Agile is on the rise in this highly regulated industry. Our webinar helps you to learn how to ensure compliance with ISO 26262 and other automotive regulations (IEC 61508, Automotive SPICE, CMMI, etc) in an Agile development environment. The webinar also gives you practical knowledge about continuous compliance with ISO 26262 and other relevant automotive regulations.

Frequently Asked Question (FAQ's) on ISO 26262 Functional Safety

Embitel Technologies (I) PVT LTD

How to Achieve Functional Safety in Safety-Citical Embedded Systems

evatjohnson

Whether they operate in the medical, automotive, avionics, or any other field, developers of safety-critical embedded systems understand the importance of quality assurance, risk and process control, and artifact traceability. Current trends in these industries predict that the challenges of complexity brought about by IoT connectivity, smart system of systems products, and embedded software will become even greater. To tackle these challenges, developers have to come up with innovative strategies to ensure the functional safety and reliability of their products. In this webinar, we focus on the tools, processes and techniques around requirements and testing that are considered vital to ensuring functional safety in embedded systems. Adequate requirements definition, requirements-based testing, risk management, and test coverage analysis are a few of the techniques that help achieve functional safety in the development of such systems. Our webinar helps you to learn more about ensuring the safety of your mission-critical end products.

Kashvi Consultants Technology SBU Profile

caharshalshah

Managing Traceability in an Agile, Safety-critical Development Environment

Intland Software GmbH

Tracing requirements through test cases to released features is vital in the development of safety-critical end products and a key activity to help compliance with standards. Traceability helps ensure that all requirements are covered with features, and that there is no unnecessary code in the released product which could create risks. However, with the increasing adoption of less structured Agile methods, and the growing complexity of mission-critical development projects, ensuring traceability is a challenge. Our webinar helps you to learn how to establish links between all work items across the lifecycle in complex, multi-tier safety-critical (embedded) software projects in an Agile environment. During the webinar, we cover the basics of traceability, why it's vital in mission-critical projects, and how it can be ensured even if your teams are working with Agile. Whether you're operating in the medical device, automotive, avionics, defense, or any other safety-critical sector, this webinar provides valuable practical knowledge on work item traceability.

Automotive Functional Safety ISO 26262 Training Bootcamp - Tonex Training

Bryan Len

Price: $3,999.00 Length: 4 Days Automotive functional safety ISO 26262 training covers the foundation of ISO 26262 standard, its extension, the fundamental contrasts from IEC 61508 (the general safety standard), and how the degree shifts with including new frameworks. Automotive functional safety ISO 26262 training gives an outline of all areas of ISO 26262 and its effect. Automotive functional safety ISO 26262 training causes you get ready for the arrival of ISO 26262 by introducing the subtleties of ISO 26262 of every a pragmatic way. This hands-on class will give you the all the data you have to actualize ISO 26262. What is ISO 26262? ISO 26262 is a Functional Safety standard that is a change of the general safety standard IEC 61508 for the particulars of Automotive Electric/Electronic Systems. ISO 26262 is connected to safety related frameworks that contain at least one EE frameworks introduced in traveler autos with a greatest gross vehicle mass up to 3,500 kg. Find out About: ISO 26262 prerequisites The difficulties of executing ISO 26262 The formal safety the executives forms and the suggested supporting procedures Hazard appraisal and the functional safety idea Specialized safety idea and framework plan Safety-arranged equipment and programming improvement A systematic way to deal with safety investigation Abilities required for compelling reviewing of the ISO 26262 prerequisites / Abilities to audit the Safety Case Functional Safety Audit and Functional Safety Assessment Affirmation Measures including Confirmation Reviews, Functional Safety Audit and Functional Safety Assessment Danger investigation and hazard evaluation (H&R/HARA) Parts 2,3,4,5,6,7,8, and 9 FMEA / FTA ISO 26262 equipment design measurements Dependent failure analysis (DFA) DRBFM Course Outline Overview of the ISO 26262 Functional Safety Management (Part 2) Project-Independent Functional Safety Management Requirements of Safety Management Work Products, Part 2 Concept Phase (Part 3) Work Products, Part 3 Product Development, System Level (Part 4) Work Products, Part 4 Product Development: Hardware Level (Part 5) Assessing Possibility of Violation of A Safety Goal Work Products, Part 5 Product Development: Software Level (Part 6) Work Products, Part 7 Production and Operation (Part 7) Work Products, Part 7 Supporting Processes (part 8) Work Products, Part 8 ASIL-Oriented and Safety-Oriented Analyses (Part 9) Work Products, Part 9 ISO 26262 Tools / ISO 26262 Auditing TONEX Sample Hands-On Workshop Request more information.Visit course link below https://www.tonex.com/training-courses/automotive-functional-safety-iso-26262-training/

5 Principles to Managing Your Application Lifecycle with SpiraTeam

Adam Sandman

The adoption of Agile is spreading across various industries, in organizations of all sizes. However, most experts agree that scaling Agile for enterprise use is a challenge. SAFe®, the Scaled Agile Framework, was created to resolve this problem. SAFe® provides a fully controlled way to adopt and scale Agile across large companies, and to align Agile processes to business strategy. The Scaled Agile Framework's latest edition 4.0 introduces the optional Value Stream level to synchronize all the Agile Release Trains, as well as other updates compared to SAFe® 3.0. Our webinar helps you to learn more about implementing enterprise Agile with the Scaled Agile Framework, and the differences between SAFe®'s previous versions and its recently released 4.0.

Afry software safety ISO26262 (Embedded @ Gothenburg Meetup)

Dimitrios Platis

With increased software size and complexity, there is an increased risk in terms of software failures that could lead to unacceptable hazards. Part 6 of ISO26262 standard (International Standard for safety of automotive electronics) provides appropriate requirements and processes to develop automotive software acceptably safe. Following ISO26262 standard is almost mandatory in every leading company. The topic of the meetup is to introduce the ISO26262 standard and briefly address the following questions: 1. How to develop automotive software according to ISO26262? 2. What is safety analysis and how to use it in software? 3. How to manage software according to requirements from standard? 4. What are the other constraints from ISO26262 towards software development and testing? Speaker: Chaitanya Raju is currently consulting across safety critical automotive systems and software. He has a master's in automotive embedded systems and experience of around 10 years in the automotive domain. As a safety practitioner he worked at Volvo Trucks (GTT), NEVS, CEVT, Hyundai Mobis and currently working in Volvo Cars. Chaitanya trained function owners, software developers and project managers in ISO26262.

Automotive functional safety iso 26262 training bootcamp 2019

Tonex

Whether you’re a manager, a project manager, an engineer, a developer, or you work in purchasing – in the automotive industry, almost all departments come into contact with Functional Safety. If you need detailed answers to the Functional safety issues that take up most of your time at work, our courses fit the bill. Automotive functional safety ISO 26262 preparing covers the foundation of ISO 26262 standard, its extension, the primary contrasts from IEC 61508 (the general safety standard), and how the degree changes with including new frameworks. Automotive functional safety ISO 26262 preparing gives a diagram of all segments of ISO 26262 and its effect. For what reason Do You Need ISO 26262 Training? ISO 26262 is the new automotive application standard for functional safety IEC 61508 that impacts the entire item lifecycle. Be that as it may, applying and actualizing ISO 26262 out of a powerful, effective way can be testing. Learn about: ISO 26262 prerequisites The difficulties of executing ISO 26262 The formal safety the executives forms Hazard evaluation and the functional safety idea Specialized safety idea and framework plan Safety-arranged equipment and programming advancement A deliberate way to deal with safety investigation Abilities required for viable reviewing of the ISO 26262 necessities Abilities to survey the Safety Case Functional Safety Audit and Functional Safety Assessment Affirmation Measures including Confirmation Reviews, Functional Safety Audit and Functional Safety Assessment Danger examination and hazard evaluation (H&R/HARA) Parts 2,3,4,5,6,7,8, and 9 FMEA / FTA / DRBFM ISO 26262 equipment compositional measurements Subordinate disappointment investigation (DFA) Learning Objectives: Comprehend the subtleties of ISO 26262 Distinguish how the extent of ISO 26262 applies to their framework Build up a Safety Case plan consenting ISO 26262 Development Interface Agreement consistent to ISO 26262 Characterize the safety objectives and Automotive Safety Integrity Level (ASIL) Decide the HW prerequisites dependent on ASIL Decide the SW prerequisites dependent on ASIL Call us today at +1-972-665-9786. Learn more about this course audience, objectives, outlines, seminars, pricing , any other information. Visit our website link below. Automotive functional safety iso 26262 training bootcamp 2019 https://www.tonex.com/training-courses/automotive-functional-safety-iso-26262-training/

Inflectracon2020: Advantages of Integrating a DevSecOps Pipeline with the Spi...

Inflectra

Welcome to InflectraCon 2020! Please enjoy Inflectra's partner presentation on common DevSecOps pipeline concepts and the integration of a typical pipeline with the Spira family of tools. The key takeaways are: - Explore foundational DevSecOps pipeline concepts, components, and functions. - Understand how the move to DevSecOps can help detect defects before production quickly and prevent continuous bugs. - Learn how you can jump-start your efforts and have a working pipeline on your project. The presentation is by the Inflectra Partner - Coveros. The companion video is available here https://www.youtube.com/watch?v=bTQJtr1Digw

Moving Towards Operability & Organising for Continuous Delivery

Equal Experts

Talk given by Dan Mitchell, (Operability Lead, Equal Experts) at ExpertTalks Manchester, 18th October 2017. All too often DevOps is a constraint for organisations. People have been led to believe it will solve all their problems, but it's shrouded in magic, mystery, and pixie dust. We want to distill DevOps down to its thing of value - operability - and help organisations to create a real feedback loop for their production systems and improve their delivery flow.

Qualification of Eclipse-based Tools according to ISO 26262Oscar Slotosch

Methodologies 3: Using Spira for Waterfall

Inflectra

ISO 26262 introduction

KoenLeekens

Building Quality into Your DevSecOps Pipelines

Inflectra

This is a presentation on how to build quality into your DevOps/DevSecOps pipelines. The presentation covers: - Software Quality through End-to-end Traceability: How SpiraPlan Enables Progress Tracking and Visualization through Dashboards - Adam Sandman, Inflectra - Quality Gates: Forcing Functions to Bake Quality In - Jeffery Payne, Coveros - Delivering Quality Through Your DevSecOps Pipeline Using SpiraPlan - Hugo Sanchez, Coveros. The presentation was created on Feb 4, 2021.

Inflectra Enterprise Agile Planning Briefing for Gartner 2018

Adam Sandman

Rapise Overview Presentation (2021)

Inflectra

Aligning QMS and Engineering Processes in Medical Product Development

Intland Software GmbH

Friends & Foes of Software Test Automation - Test Automation, Demystified | W...

Inflectra

This is a presentation linked to a live webinar called: Friends and Foes of Software Test Automation. This is the 4th webinar in Inflectra's 7- part live webinar series called: Test Automation, Demystified. The webinar discusses two important areas of test automation: - A list of structural elements inside an application that are critical in test automation - Knowing what to check first: how to reduce the rate of failure in test automation. The webinar is presented by Alexey Grinevich - a senior software engineer and automation architect at Inflectra.

27 Nov 2019 – Experts Talk: Integrated MedTech Delivery from Requirements thr...

Intland Software GmbH

SpiraTeam Overview Presentation (2019)

Inflectra

SpiraTest Overview Presentation (2022)

Inflectra

1, 2, 3 build - continuous integration for mobile apps

Alexander Pacha

Program And Portfolio Management

Inflectra

Create code confidence for better application security