
BYD selects Karamba's VCode to create a software bill of materials, manage supply-chain security and ensure firmware is free from vulnerabilities

BYD has selected Karamba Security's VCode to comply with global automotive cybersecurity regulations. The Chinese electric vehicle manufacturer will use Karamba's VCode to create a software bill of materials (SBOM) for electronic control units (ECUs), manage supply-chain security and ensure that the firmware it uses is free from critical vulnerabilities. This move will also help BYD comply with mandatory cybersecurity regulations in many major global markets.

Karamba Security is a specialist in end-to-end product cybersecurity, including automotive ECUs, and other internet of things and edge products. With the rise of safety and privacy risks brought about by vehicle and IoT product hacking, regulators have made it compulsory for original equipment manufacturers and suppliers to secure their devices. Karamba's software solutions allow OEMs and suppliers to meet global cybersecurity regulations without disrupting research and development or product time to market.

According to Karamba, VCode helps customers automatically create an SBOM for their devices, identify cybersecurity issues in their supply chain and address them before production. The solution identifies, prioritizes and mitigates security gaps in the software image and serves as a product security scorecard both internally and for customers and auditors.

The VCode binary analysis software works with continuous integration/continuous delivery (CI/CD) pipelines or runs stand-alone on customers' premises. It identifies vulnerabilities covering a wide range of security misconfigurations and coding errors, including weak passwords, risky tools, suspicious data, insecure binaries and more.

“Karamba Security is proud to help successfully bridge U.S., European, Chinese and other nations’ OEMs with their global markets by ensuring they meet rigid cybersecurity regulations and protect their customers,” said Ami Dotan, co-founder and CEO of Karamba Security. “Karamba, regulators and automotive manufacturers are united in our commitment to secure vehicles and global supply chains against hackers, who are blind to nationality and are willing to put customer safety and privacy at risk for financial or terrorist reasons.”


Copyright © 2024 S&P Global Inc. All rights reserved.
