Automotive Electronics Industry

Implementation of Digital Supply Chain Security Governance in the Automotive Electronics Industry

Business Requirements

With the rapid and converging development of the automotive industry towards connectivity, intelligence, electrification, and shared mobility, OTA (Over-the-Air) update technology, in-vehicle systems, and mobile applications are increasingly interconnected, significantly expanding the attack surface of the Internet of Vehicles (IoV) digital supply chain. Risks from open source components, suppliers, and vehicle hardware pose serious threats to both enterprises and car owners, leading to growing calls for stronger automotive security mechanisms and protection capabilities.

Solution

Technical Architecture
Achieve full-lifecycle security governance for the automotive digital supply chain, spanning design, development, and operation.

Core Foundation: Centered on the Xcheck SCA Open Source Threat Management Platform, establish an enterprise-level software supply chain risk assessment system to inventory existing assets and conduct security reviews of all procured and self-developed software.

Data Interconnection: Use the SBOM (Software Bill of Materials) generated by Xcheck SCA as the shared interface for describing and locating asset information. The SBOM bridges R&D (what was built, and from which components) and operations (where each build runs), so that when a component vulnerability is disclosed the affected builds and deployments can be located quickly and vulnerability response is faster.

Pre-Launch Validation: Implement a pre-deployment review through the Xmaze IAST Security Testing Platform, verifying the runtime security of delivered systems in test environments before release.

Runtime Protection: Integrate the Xshark RASP adaptive cloud defense platform to provide continuous threat protection, self-immunity, and hot-patching capabilities. This safeguards the operational security of IoV software after deployment, enables timely response to 0-day vulnerabilities, and closes the loop on supply chain risk management.
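The "SBOM as the interface between R&D and operations" idea above is easiest to see as a join: one SBOM per delivered build lists its components, an operations inventory records which build runs where, and an advisory names an affected component and version range. The script below is an added example written for this page, not code from Xmirror Security or from Xcheck SCA. The CycloneDX-style SBOMs, the deployment inventory, the component names, and the advisory (including its "EXAMPLE-ADVISORY-0001" identifier and the affected range) are all constructed placeholders, and the one-SBOM-per-build layout is an assumption about how an SCA tool would export them.

```python
"""
Added example: use CycloneDX-style SBOMs as the lookup interface between
R&D (which components each build contains) and operations (where each build
is deployed) when a component advisory arrives.

All data below is constructed for illustration. Component names, versions,
deployment records and the advisory identifier are placeholders, not real
records or real vulnerabilities.
"""
import json
import re

# Constructed CycloneDX-style SBOMs. Assumption: the SCA tool emits one SBOM
# per delivered build, with the build itself described in metadata.component.
SBOMS_JSON = r'''
[
  {"bomFormat": "CycloneDX", "specVersion": "1.5",
   "metadata": {"component": {"name": "ivi-launcher", "version": "3.2.0"}},
   "components": [
     {"name": "example-json-parser", "version": "2.4.1",
      "purl": "pkg:maven/org.example/example-json-parser@2.4.1"},
     {"name": "example-http", "version": "1.9.0",
      "purl": "pkg:maven/org.example/example-http@1.9.0"}]},
  {"bomFormat": "CycloneDX", "specVersion": "1.5",
   "metadata": {"component": {"name": "ota-agent", "version": "5.0.3"}},
   "components": [
     {"name": "example-json-parser", "version": "2.6.0",
      "purl": "pkg:maven/org.example/example-json-parser@2.6.0"}]},
  {"bomFormat": "CycloneDX", "specVersion": "1.5",
   "metadata": {"component": {"name": "companion-app-backend", "version": "1.1.0"}},
   "components": [
     {"name": "example-json-parser", "version": "2.3.7",
      "purl": "pkg:maven/org.example/example-json-parser@2.3.7"}]}
]
'''

# Constructed operations inventory: which build version runs in which fleet
# or environment. Assumption: ops records builds by (artifact, version).
DEPLOYMENTS = [
    {"artifact": "ivi-launcher", "version": "3.2.0", "where": "vehicle fleet, IVI unit"},
    {"artifact": "ota-agent", "version": "5.0.3", "where": "vehicle fleet, telematics unit"},
    {"artifact": "companion-app-backend", "version": "1.1.0", "where": "cloud, app backend"},
]

# Constructed advisory with a placeholder ID. Affected ranges are half-open
# [introduced, fixed), the convention used by OSV-style advisories.
ADVISORY = {
    "id": "EXAMPLE-ADVISORY-0001",
    "purl_prefix": "pkg:maven/org.example/example-json-parser@",
    "affected": [("2.0.0", "2.5.0")],
    "fixed": "2.5.0",
}


def load_sboms():
    """Parse the constructed SBOM set (stands in for reading the SCA export)."""
    return json.loads(SBOMS_JSON)


def parse_version(v):
    """Turn '2.4.1' into (2, 4, 1); only the first three numeric fields are compared."""
    return tuple(int(p) for p in re.findall(r"\d+", v)[:3])


def is_affected(version, ranges):
    """True if version falls inside any half-open [introduced, fixed) range."""
    ver = parse_version(version)
    return any(parse_version(lo) <= ver < parse_version(hi) for lo, hi in ranges)


def affected_builds(sboms, advisory):
    """Map (build name, build version) -> affected component version, from the SBOMs."""
    hits = {}
    for bom in sboms:
        build = bom["metadata"]["component"]
        for comp in bom.get("components", []):
            purl = comp.get("purl", "")
            if purl.startswith(advisory["purl_prefix"]):
                comp_version = purl[len(advisory["purl_prefix"]):]
                if is_affected(comp_version, advisory["affected"]):
                    hits[(build["name"], build["version"])] = comp_version
    return hits


def locate_exposure(sboms, deployments, advisory):
    """Join affected builds with the deployment inventory: where does the vulnerable component run?"""
    hits = affected_builds(sboms, advisory)
    return [
        {"advisory": advisory["id"], "artifact": d["artifact"], "build": d["version"],
         "component_version": hits[(d["artifact"], d["version"])],
         "where": d["where"], "upgrade_to": advisory["fixed"]}
        for d in deployments
        if (d["artifact"], d["version"]) in hits
    ]


if __name__ == "__main__":
    for row in locate_exposure(load_sboms(), DEPLOYMENTS, ADVISORY):
        print(row)
```

With this data the join reports the IVI launcher (component 2.4.1) and the companion-app backend (2.3.7) as exposed, while the OTA agent on 2.6.0 is not; the answer comes out already keyed by deployment location, which is the piece operations needs and R&D alone cannot supply. Matching on the purl rather than the bare component name avoids confusing same-named packages from different ecosystems or groups.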

Achievements and Benefits

Powered by core technologies including SCA, SBOM, and the AI-driven intelligent code vaccine, the agile security toolchain helps IoV enterprises establish a symbiotic active defense system. Key outcomes include:

Building symbiotic self-immunity capabilities at the application layer.

Embedding digital supply chain risk management technologies across the full business lifecycle.

Developing supplier risk profiles and supply chain asset inventories tailored to enterprise-specific needs.

Effectively mitigating security risks originating on the supplier side.

Enhancing capabilities for detecting supply chain attacks and malicious infiltrations, preventing their spread, and responding to them.

Honorary Recognition

BYD Wins CAICT's "2024 Security Guardian Program Excellent Case"

Based on Xmirror Security's 4th-Generation DevSecOps digital supply chain security management system, BYD's open source governance practice comprehensively addresses deep-seated open source security risks across the digital supply chain of intelligent connected in-vehicle applications. These risks span third-party open source components, multi-layer dependencies, code cloning, open source license compliance, binary artifacts, and runtime applications throughout the development, testing, procurement, and operation phases. The practice enables continuous risk assessment and rapid response to critical vulnerabilities in the digital supply chain amid the Software-Defined Vehicle (SDV) transformation, earning BYD the "2024 Excellent Case" award in CAICT's Security Guardian Program.