RUB » Bibliotheksportal

David Förster

• As connectivity and the amount of software in modern vehicles rises, keeping them secure throughout their lifetime becomes both more important and more challenging. Recent cybersecurity regulation increases the pressure on car makers and suppliers to find solutions for long-term cybersecurity support, not to mention other drivers for software maintenance beside cybersecurity. In this paper, we examine the challenge of providing long-term updates for in-vehicle software. We review current automotive software development practices and their constraints regarding long-term updates. Furthermore, we examine the collaboration and business models, and propose extending them to include the vehicle operations phase. Looking ahead, we find that a two-fold approach is required to solve these challenges. In the short-term, binding maintenance agreements are needed to provide assurance to OEMs and to help suppliers plan ahead and preserve the capabilities to provide software updates. This is essential to react quickly in case of an incident. The maintenance duration must be carefully selected as effort and cost rise sharply over time and excessive maintenance periods may bring unacceptable costs to end users. In the long-term, we observe an industry trend moving towards continuously developed software platforms that are deployed regularly even to older vehicles, potentially requiring hardware upgrades where performance is no longer sufficient. This model will alleviate the need to maintain many different software branches at the same time and will make long-term updates more efficient.