     Industry

    Automotive

     Department

    Development

     Size

    > 230 000 Employees

     Location

    Hannover, Germany

    The Results

    Developing Secure Infotainment Systems Faster

     Increased Code Coverage

    Continental automated their security testing and increased their code coverage (now above 95% in most modules). 

     Increased Development Speed

    The smart bug detection and advanced debugging features of the CI Fuzz testing platform helped the development team to fix all business-critical bugs in the evaluation project within only one week.

      ISO 21434/UNECE WP.29 Compliance

    Feedback-based fuzzing enables Continental to comply with automotive software security standards such as UNECE WP.29 and ISO/SAE 21434.

    Improved Bug Reporting

    The CI Fuzz testing platform comes with detailed bug reporting and insights for each finding. Project managers are now able to automatically report and prove which inputs lead to bugs and critical behavior, and how much progress the business unit has made since the last sprint.

    Car illustrations by Storyset https://storyset.com/car
    Continental on Fuzzing
    "Only 1% of all our security tests done for the project where CI Fuzz was used were fuzz tests, but through them, we find about 57% of all vulnerabilities."
    Victor Marginean
    Global Head of Cybersecurity & Privacy Business Unit HMI // Continental 

    The First Challenge

    Realizing Modern Security Tests In An Embedded Automotive Architecture

    Continental's HMI business unit develops systems and solutions for the human-machine interface of modern road vehicles, for example display solutions, head-up displays and cockpit high-performance computers. HMI makes processing and managing information simple, intuitive, and reliable.

    Infotainment systems in modern vehicles usually communicate with a whole range of external embedded sensors. These dependencies add an additional layer of complexity for security testing, as they typically require plenty of manual effort.

     Writing Test Harnesses

    Although the Public API documentation is usually available, developers need to write plenty of test harnesses, which is incredibly time-consuming.

     Hardware Dependencies

    Developers have to secure the communication between the Hardware-Dependent-API and the hardware.


    The Second Challenge

    Complying With ISO 21434/UNECE WP.29

    As a result of the new ISO/SAE 21434 and UNECE WP.29, many car producers (OEMs) are extending their software testing activities. The standard holds regulations for software devices within vehicles, along with their connectivity to external systems.

     Implementing Fuzz Testing

    ISO 21434 and UNECE WP.29 recommend that OEMs integrate feedback-based fuzz testing into their DevOps processes, and they define new requirements for software security engineering.

     How to Get the Developers on Board

    Open-source fuzzing solutions are already very effective, but they still require manual tuning and follow-up work from developers. Continental was looking for a professional fuzzing solution that they could easily apply in an automotive architecture.

    Data illustrations by Storyset https://storyset.com/illustration

    The Solution

    CI Fuzz Testing Platform

    Continental implemented the CI Fuzz testing platform in their CI/CD to improve their code quality and development speed. CI Fuzz is a CI/CD-agnostic platform for automated security testing. The platform helps developers protect themselves against unexpected edge cases. It empowers them to fix bugs during development and to achieve reproducible testing results.

    CI Fuzz Testing Results

    The Success

    Fuzzing Embedded Systems With Dependencies

    The CI Fuzz testing platform makes it possible to apply modern fuzz testing approaches at an early stage of the software development process. This has automated and simplified the entire testing process because it enabled the developers to perform security tests on their own modules and to fix critical bugs right away.

    The CI Fuzz testing platform also enabled the developers to mock their hardware with fuzz data. Continental succeeded by applying feedback-based fuzzing to their software. They are now able to protect their software against edge cases and unexpected behaviors, for example when a sensor sends unusual or erroneous inputs.

    Get Started With CI Fuzz

    Contact our developers to uncover how the CI Fuzz testing platform can help you provide secure and reliable software.
