Karamba Security, a leading provider of end-to-end product security solutions, made a significant announcement at the 11th annual Escar USA automotive cybersecurity conference in Detroit and Hod Hasharon, Israel. The company revealed that BYD, a global electric vehicle (EV) manufacturer with annual revenues exceeding $13.8 billion USD, has chosen Karamba’s VCode software to create a Software Bill of Materials (SBOM) for its electronic control units (ECUs). This decision aligns with BYD’s commitment to enhancing supply chain security and complying with cybersecurity regulation UN R155.
By opting for Karamba’s VCode, BYD joins several other prominent vehicle manufacturers in the U.S., Europe, and China that use the software to establish an SBOM, manage supply chain security, and ensure that firmware does not contain critical vulnerabilities that could jeopardize customer safety. Additionally, VCode enables BYD to expedite its compliance with global automotive cybersecurity regulations, which have become mandatory in many key markets around the world.
Earlier this year, BYD achieved a significant milestone by becoming the first automaker to produce seven million new energy vehicles, including both EVs and plug-in hybrid electric vehicles (PHEVs). With a presence in 64 countries and regions globally, BYD shipped 1.6 million EVs in 2023, closely trailing industry leader Tesla, which shipped 1.8 million EVs during the same period. Notably, BYD even surpassed Tesla in EV shipments in the fourth quarter of the previous year.
As the automotive industry faces growing safety and privacy risks related to cyber threats, regulatory bodies are increasingly requiring OEMs and suppliers to secure their devices effectively. Failure to comply with these cybersecurity regulations can lead to delays in product launches and have a significant impact on manufacturers’ businesses. Karamba’s software solutions offer a seamless way for OEMs and suppliers to enhance device security, meet global cybersecurity standards, and avoid disruptions to their research and development processes or time-to-market schedules.
Ami Dotan, the co-founder and CEO of Karamba Security, emphasized the company’s dedication to supporting OEMs from different regions in meeting stringent cybersecurity regulations and protecting their customers. Dotan highlighted the collaborative efforts between Karamba, regulators, and automotive manufacturers to fortify vehicles and global supply chains against malicious cyber activities that, carried out for financial or even terrorist motives, pose risks to customer safety and privacy.
The VCode binary analysis software, offered by Karamba Security, plays a crucial role in securing automotive ECUs and other Internet of Things (IoT) products. This software assists automotive OEMs and IoT device manufacturers in generating an SBOM for their devices, identifying and rectifying supply chain cybersecurity issues before production, and prioritizing and addressing security gaps in software images. Whether integrated with Continuous Integration/Continuous Delivery (CI/CD) pipelines or run independently on customer premises, VCode identifies vulnerabilities, including Common Vulnerabilities and Exposures (CVEs), that cover a wide range of security misconfigurations and coding errors.
In conclusion, Karamba Security’s initiatives and solutions underscore the company’s commitment to fostering a secure and resilient automotive industry in an era where digital threats are increasingly prevalent. By assisting manufacturers like BYD in enhancing supply chain security and complying with cybersecurity regulations, Karamba is contributing to the collective effort to safeguard vehicles and connected devices against cyberattacks.

