Continental Success Story
Continental managed to test a large safety module with 18,000 lines of code (LoC) within only one week.
Continental managed to test a large safety module with 18,000 lines of code (LoC) within only one week.
Automotive
Development
> 230 000 Employees
Hannover, Germany
Continental automated their security testing and increased their code coverage (now above 95% in most modules).
The smart bug detection and advanced debugging features of the CI Fuzz testing platform helped the development team to fix all business-critical bugs in the evaluation project within only one week.
Feedback-based fuzzing enables Continental to comply with automotive software security standards such as UNECE WP.29 and ISO/SAE 21434.
The CI Fuzz testing platform comes with a detailed bug reporting and insights for each finding. Project managers are now able to automatically report and prove which inputs lead to bugs and critical behavior and how much progress the business unit made since the last sprint.
Continentals HMI business unit develops systems and solutions for the human machine interface of modern road vehicles. For example, display solutions, head-up displays and cockpit high performance computers. HMI makes processing and managing information simple, intuitive, and reliable.
Infotainment systems in modern vehicles usually communicate with a whole range of external embedded sensors. These dependencies add an additional layer of complexity for security testing, as they typically require plenty of manual effort.
Although the Public API documentation is usually available, developers need to write plenty of test harnesses, which is incredibly time-consuming.
Developers have to secure the communication between the Hardware-Dependent-API and the hardware.
As a result of the new ISO/SAE 21434 and UNECE WP.29, many car producers (OEMs) are extending their software testing activities. The standard holds regulations for software devices within vehicles, along with their connectivity to external systems.
The ISO 21434 and UNECE WP.29 recommend OEMs to integrate feedback-based fuzz testing into their DevOps processes and define new requirements for software security engineering.
Open-source fuzzing solutions are already very effective, but they still require manual tuning and follow-up work for developers. Continental was looking for a professional fuzzing solution they can easily apply in automotive architecture.
Continental implemented the CI Fuzz testing platform in their CI/CD to improve their code quality and development speed. CI Fuzz is a CI/CD-agnostic platform for automated security testing. The platform helps developers protect themselves against unexpected edge cases. It empowers them to fix bugs during development and to achieve reproducible testing results.
The CI fuzz testing platform makes it possible to apply modern fuzz testing approaches in an early stage of the software development process. This has automated and simplified the entire testing process because it enabled the developers to perform security tests on their own modules and to fix critical bugs right away.
The CI Fuzz testing platform also enabled the developers to mock their hardware with fuzz data. Continental story succeeded by applying feedback-based fuzzing to their software. They are now able to protect their software against edge cases and unexpected behaviors. For example, if a sensor should send unusual or erroneous inputs.