Episode 257: Securing Software on Wheels with Dennis Kengo Oka of Synopsys

https://is1-ssl.mzstatic.com/image/thumb/Podcasts122/v4/ba/d8/2e/bad82e93-4808-378e-51db-7998969753df/mza_14911023975293012637.png/600x600bb.jpg

The Security Ledger Podcasts

The Security Ledger

9 episodes

8 months ago

In this, our 70th episode of The Security Ledger podcast, we speak withXu Zou of the Internet of Things security startup Zingbox about the challenges of securing medical devices and clinical networks from cyber attack. Also: we take a look at the turmoil that has erupted around the OWASP Top 10, a list of common application security foibles. And finally: open source management vendor Black Duck Software announced that it was being acquired for more than half a billion dollars. We sit down with Black Duck CEO Lou Shipley to talk about the software supply chain and to hear what's next for his company.

All content for The Security Ledger Podcasts is the property of The Security Ledger and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Episode 257: Securing Software on Wheels with Dennis Kengo Oka of Synopsys

The Security Ledger Podcasts

34 minutes 9 seconds

1 year ago

Episode 257: Securing Software on Wheels with Dennis Kengo Oka of Synopsys

In this episode of The Security Ledger Podcast (#257) Paul speaks with Dennis Kengo Oka, a senior principal automotive security strategist at the firm Synopsys about the growing cyber risks to automobiles as connected vehicle features proliferate in the absence of strong cybersecurity protections.

[Video Podcast] | [MP3] | [Transcript]

Almost from the get-go, automobiles symbolized a kind of dynamic and restless American identity. The auto industry epitomized U.S.’s vibrant and innovative economy. With the help of some serious federal dollars, they also became indispensable parts of 20th century American life. By the 1950s, accepted wisdom was that automobiles and the automotive industry were inextricably linked to the well being of the U.S. – what’s good for GM is good for the United States, and vice versa – as the saying went.

Dennis Kengo Oka is a senior principal automotive security strategist.

But all that romanticizing of cars and the cheerleading of the powerful and influential auto industry forestalled much-needed oversight of vehicles. The auto industry fought calls for federal auto safety rules and requirements for decades, arguing that driver error and unsafe roads were responsible for accidents, not their vehicles.

A four decade delay in vehicle safety regulation

It wasn’t until the mid 1960s that Congress got around to passing the National Traffic and Motor Vehicle Safety Act in the wake of the publication of Ralph Nader’s Unsafe at Any Speed – an expose of how the auto industry prioritized style and features over safety. By that time, automobile accidents were responsible for 49,000 deaths, 1.8 million minor injuries, and $8.5 billion in damages, lost wages, and medical expenses annually. (By comparison, 46,980 people died in auto accidents in the U.S. in 2021, despite the fact that the number of registered vehicles on the roads has more than tripled in the intervening years, from around 90 million vehicles in 1965 to more than 280 million in 2021.)

Since then, the auto industry’s tune on vehicle safety has done a 180 degree turn. Safety features -like airbags and collision avoidance – and vehicle safety ratings are, today, a key selling point for cars. But that focus on safety doesn’t extend to the software that increasingly runs our vehicles.

Vehicle safety? Critical! Vehicle software safety…umm….

As with the advent of the automobile in the first decades of the 20th century, the arrival of the “smart car” in the first decades of the 21st century has transpired as an industry-led initiative transpiring in a vacuum of government oversight, regulation and guidance. The result: exploitable cyber-physical software flaws were documented starting as early as 2011, with a dramatic display of the potential to use software...