Duesseldorf, May 28th, 2024 – We are excited to introduce a joint solution involving ONEKEY and ESCRYPT CycurRISK that addresses the pain points faced by the automotive industry when it comes to vulnerability management in software-defined vehicles. ESCRYPT CycurRISK is a software tool for threat analysis and risk assessment from ETAS, the market leader for embedded automotive cybersecurity solutions.

Under the UN R 155 regulation, OEMs are required to monitor, detect, and respond to vulnerabilities in their vehicles. However, effective vulnerability monitoring can be challenging due to the need to identify the software components and versions running on each vehicle. Maintaining this information in a software bill of materials (SBOM) can be a complex task. Additionally, vulnerability scanning often generates a long list of potentially relevant findings, making it difficult for developers to prioritize and address them.

To alleviate these pain points, we present our joint solution: ONEKEY provides a platform to manage and validate SBOMs, as well as detect and auto-prioritize vulnerabilities. It enables automated generation of a list of software components (SBOM) from a binary, without requiring access to the source code. Further, known vulnerabilities (CVEs) and unknown vulnerabilities (Zero-Days) will be identified and prioritized in minutes. On the other hand, ESCRYPT CycurRISK supports the creation and maintenance of Threat Analyses and Risk Assessments (TARAs). Analysts can capture valuable context information about the analyzed functionality or component, enabling them to assess the impact of potential attacks on assets in a given context. The information from ESCRYPT CycurRISK is then used to prioritize the most critical vulnerabilities in the software.

With this joint solution, the large number of identified vulnerabilities becomes more manageable. Developers receive a filtered and prioritized list of vulnerabilities, allowing them to focus on improving the software in the areas that matter most.

Looking ahead, we are excited to announce further upcoming topics. Firstly, we will explore the extended use case of feedback information from vulnerability management back into the TARA, ensuring that the risk assessment remains current. Secondly, we will aim to create an extended eco system by closely interweaving other ETAS cybersecurity products and solutions, such as ESCRYPT CycurGUARD and ESCRYPT CycurFUZZ, to further enhance the efficiency and effectiveness of vulnerability management in software-defined vehicles.

Stay tuned for more updates on these exciting developments!

Learn more: ESCRYPT CycurRISK – ESCRYPT Cybersecurity Products – ETAS