VicOne, a leader in automotive cybersecurity solutions, has announced a groundbreaking collaboration with Microsoft aimed at empowering vehicle software developers to proactively secure firmware and provide comprehensive protection throughout the automotive software lifecycle. This partnership enables manufacturers of software-defined vehicles (SDVs) to leverage cutting-edge automotive threat intelligence, improve code development processes, and benefit from enhanced continuous integration (CI) and automated security analysis capabilities. The result is an innovative Developer, Security, and Operations (DevSecOps) workflow that ensures seamless security integration.
“The DevSecOps workflow enabled by our collaboration with Microsoft offers unprecedented benefits to software developers and automotive OEMs (original equipment manufacturers) alike,” said Max Cheng, CEO of VicOne. “Developers realize a more efficient and effective path for rolling out innovative software solutions of proven security, while automakers are enabled to perform self-assessment not only of their own software but also for solutions from providers across their complex supply chains. The end-to-end protection enabled by this collaboration stands to transform the automotive software lifecycle and marketplace.”
VicOne xZETA Now Integrates Seamlessly Through GitHub
Through this collaboration, automotive software developers gain access to a streamlined and robust workflow for securing their software. This is achieved by integrating GitHub Advanced Security for Azure DevOps for source code analysis, VicOne xZETA for binary analysis, and the patent-pending VicOne Vulnerability Impact Ratings (VVIRs). The resulting end-to-end solution is designed to operate seamlessly on Microsoft Azure infrastructure, leveraging:
- Microsoft Visual Studio Code and GitHub Copilot to assist developers in writing secure and efficient code.
- GitHub Advanced Security for secret scanning and comprehensive source code analysis.
- VicOne xZETA for real-time firmware and binary vulnerability analysis with detailed ratings.
Also Read: Togg & HERE Partner for AI-Driven Navigation and Safety
VicOne xZETA is already integrated within GitHub, offering developers a smooth and effective development process.
“By addressing vulnerabilities at both source and binary levels, our collaboration with VicOne sets a new standard for secure automotive software innovation,” said Dayan Rodriquez, Corporate Vice President, Manufacturing & Mobility, Microsoft. “In bringing to bear strong and unique automotive threat intelligence, this collaboration of our companies’ diverse security expertise creates a more efficient, effective and seamless workflow that enables the faster development of innovative automotive technologies while simultaneously improving vehicle safety and security.”
Advanced Security Features to Accelerate Secure Development
GitHub Advanced Security, powered by artificial intelligence, offers static analysis, secret scanning, and software composition analysis. This ensures that developer and security teams can collaborate effectively to deliver secure software quickly, without compromising productivity.
VicOne’s xZETA further enhances security by using its unique Vulnerability Impact Ratings (VVIRs), which integrate both external and internal data to prioritize high-risk vulnerabilities. This allows developers to rapidly identify critical issues and implement countermeasures. Additionally, the insights provided by xZETA feed directly into Threat and Risk Assessment (TARA) results, aligning with the ISO 21434 standard for “Road Vehicles — Cybersecurity Engineering” and supporting continuous monitoring.
Unlike traditional vulnerability management platforms that primarily focus on known open-source vulnerabilities, xZETA provides superior visibility into zero-day, undisclosed, and known vulnerabilities. It also addresses Common Weakness Enumeration (CWE), advanced persistent threats (APTs), and ransomware. VicOne’s xZETA surpasses the National Vulnerability Database (NVD) by over 189%, delivering unparalleled detection coverage and elevating cybersecurity standards in the automotive industry.