VicOne Collaborates with Microsoft to Provide Software Developers

Collaboration delivers end-to-end protection across automotive software lifecycle and streamlines secure code development for SDV manufacturers

Max Cheng, CEO, VicOne: The DevSecOps workflow enabled by our collaboration with Microsoft offers unprecedented benefits to software developers and automotive OEMs. The end-to-end protection enabled by this collaboration stands to transform the automotive software lifecycle and marketplace.

an automotive cybersecurity solutions leader, today announced a collaboration with Microsoft to enable developers of vehicle software to proactively secure firmware and ensure end-to-end protection across the automotive software lifecycle. Manufacturers of software-defined vehicles (SDVs) benefit from differentiated automotive threat intelligence, streamlined and secure code development, enhanced continuous integration (CI) and automated security analysis. This collaboration enables an innovative developer, security and operations (DevSecOps) workflow.

“The DevSecOps workflow enabled by our collaboration with Microsoft offers unprecedented benefits to software developers and automotive OEMs (original equipment manufacturers) alike,” said Max Cheng, CEO of VicOne. “Developers realize a more efficient and effective path for rolling out innovative software solutions of proven security, while automakers are enabled to perform self-assessment not only of their own software but also for solutions from providers across their complex supply chains. The end-to-end protection enabled by this collaboration stands to transform the automotive software lifecycle and marketplace.”

VicOne xZETA now can integrate through GitHub

With this collaboration, automotive software developers access a seamless and powerful workflow for securing their software, using GitHub Advanced Security for Azure DevOps for source code analysis, VicOne xZETA for binary analysis and the patent-pending VicOne Vulnerability Impact Ratings (VVIRs). It is foreseeable that the end product would run on Microsoft Azure infrastructure:

Microsoft Visual Studio Code and GitHub Copilot assist developers in writing secure code.
GitHub Advanced Security performs secret scanning and source code analysis.
VicOne xZETA delivers firmware and binary analysis with real-time vulnerability ratings.

VicOne xZETA is already available as a part of development within GitHub.

“By addressing vulnerabilities at both source and binary levels, our collaboration with VicOne sets a new standard for secure automotive software innovation,” said Dayan Rodriquez, Corporate Vice President, Manufacturing & Mobility, Microsoft. “In bringing to bear strong and unique automotive threat intelligence, this collaboration of our companies’ diverse security expertise creates a more efficient, effective and seamless workflow that enables the faster development of innovative automotive technologies while simultaneously improving vehicle safety and security.”With AI-powered static analysis, secret scanning, and software composition analysis, GitHub Advanced Security helps developer and security teams work together to accelerate the delivery of more secure software without sacrificing productivity.

xZETA’s unique VicOne Vulnerability Impact Ratings (VVIRs) integrate external and internal insights to prioritize high-risk vulnerabilities, enabling swift identification of high-risk issues and execution of countermeasures. The complete information feeds back into Threat and Risk Assessment (TARA) results, aligning with ISO 21434, “Road vehicles — Cybersecurity engineering,” and fueling continuous monitoring.

In contrast to vulnerability management platforms that only address known open-source vulnerabilities, xZETA offers superior visibility into zero-day, undisclosed and known vulnerabilities, as well as Common Weakness Enumeration (CWE), advanced persistent threats (APTs) and ransomware. VicOne’s xZETA threat intelligence surpasses the National Vulnerability Database (NVD) by more than 189 percent, providing a wider spectrum of detection coverage.

SOURCE: Businesswire