VicOne, a highly esteemed provider of automotive cybersecurity solutions, and the Automotive Security Research Group (ASRG), a non-profit organization dedicated to advancing the automotive security industry, have announced an exciting new partnership. Together, they will be launching AutoVulnDB, a groundbreaking database designed to provide comprehensive coverage of automotive threat intelligence. This collaboration aims to equip automotive original equipment manufacturers (OEMs), suppliers, and other industry players with the tools they need to identify and address cybersecurity vulnerabilities, ultimately ensuring the safety and security of connected-car mobility.
AutoVulnDB is a game-changer in the field of automotive cybersecurity, offering a level of coverage that surpasses existing databases such as NVD (National Vulnerability Database) and MITRE CVE (Common Vulnerabilities and Exposures). What sets AutoVulnDB apart is its industry-specific focus, providing enhanced contextual and situational data tailored to the automotive sector. In addition to leveraging the Zero Day Initiative (ZDI) platform and the ASRG Disclosure Program, AutoVulnDB promises to deliver the most comprehensive vulnerability intelligence coverage available.
John Heldreth, founder of ASRG, expressed his gratitude for VicOne’s support in creating the specialized AutoVulnDB CVE database, emphasizing the urgent need for improved cybersecurity measures in the face of escalating cyber threats. Heldreth called upon industry professionals, cybersecurity experts, and researchers to contribute to the continuous improvement of AutoVulnDB, highlighting the database’s non-profit, community-driven nature.
With the increasing prevalence of connected vehicles, the automotive industry is under greater threat from cyber attacks than ever before. In fact, over 200 vulnerabilities, including a critical central processing unit (CPU) flaw affecting multiple car brands, were reported in the first half of 2023 alone. These vulnerabilities can compromise a wide range of connected-car components and systems, including infotainment dashboards, operating systems, and electric vehicle chargers. Identifying and eliminating digital threats and vulnerabilities before vehicles hit the market is crucial, and AutoVulnDB aims to empower companies to deliver more secure products to the public.
Max Cheng, CEO of VicOne, stressed the crucial role of timely and comprehensive vulnerability detection and remediation in the automotive industry. Cheng reaffirmed VicOne’s dedication to providing unparalleled coverage of automotive threat intelligence, underscoring the importance of their partnership with ASRG in creating a robust community focused on continuously improving automotive cybersecurity.
Key features of AutoVulnDB include a user-friendly searchable interface, seamless user experience, a robust data pipeline incorporating quality checks and enrichment processes, and links to existing automotive security intelligence available from ASRG.
The partnership between VicOne and ASRG was announced at the Auto-ISAC Europe Cybersecurity Summit, where the two organizations presented a joint panel discussion alongside other industry leaders. The event also featured a roundtable discussion on the need for an overhaul of current risk management practices in the face of evolving cyber threats.
In conclusion, the collaboration between VicOne and ASRG represents a significant milestone in the ongoing effort to enhance automotive cybersecurity. By leveraging their combined expertise, they aim to equip the automotive industry with the tools and knowledge needed to address the growing threat of cyber attacks and vulnerabilities. This partnership serves as a testament to their unwavering commitment to securing the vehicles of tomorrow.
For more information on this exciting development, please visit VicOne’s blog: Pioneering the Future of Automotive Cybersecurity With Unparalleled Automotive Threat Intelligence.