By Aaron Chu (Senior Engineering Manager) and Blade Chen (Senior Engineering Manager)
In March 2023, the VicOne team was awarded the ASPICE CL2 certificate from DEKRA. This is a mark of assurance for the development process demonstrated by VicOne. ASPICE (Automotive Software Process Improvement and Capability dEtermination) aka Automotive SPICE ensures that best practices and processes are used in software development for the automotive industry.
The VicOne team worked with DEKRA, a distinguished vehicle inspection and evaluation company based in Germany, to undergo ASPICE assessment. Based on the ASPICE process reference model, VicOne fit under three out of eight process groups, namely, system engineering, software engineering, and support. VicOne was accordingly evaluated for 11 processes that fell under these groups. VicOne demonstrated its capability in these 11 processes and thus was awarded ASPICE CL2 (Capability Level 2) certification.
The significance of meeting the ASPICE standard
SPICE or ISO 33061 was created to improve software development practices. ASPICE, created in 2005, is a domain-specific version of SPICE meant to provide better guidance for the automotive industry. Ensuring that ASPICE assessment requirements are met implies that a development team’s procedures have undergone a rigorous evaluation process to eliminate any source of flaws and gaps in its products.
A mark of quality
ASPICE is based on the V-model of software development. This means that assessment and testing are done at every step of development. Aside from the V-model, ASPICE evaluates the presence of other supporting processes to better ensure quality. This meticulous process eliminates problems early in the development phase and reduces the chance of security flaws making it through to the final stages. From an OEM’s standpoint, the OEM can rely on an ASPICE certification to determine whether developers meet their requirements.
Preparation for the road ahead
Aside from assurance quality, ASPICE also helps developers prepare for imminent challenges faced by the automotive industry. More governance will likely be instituted on the automotive industry to address cyberthreats. ASPICE also provides a helpful framework for implementing more complex technologies, especially amid the rapid innovation in the automotive industry. Overall, ASPICE is an advantageous tool in facing a growing market and its shifting security demands.
Assurance of process improvement
Software developers who are willing to undergo ASPICE evaluation demonstrate not only confidence in their process but also an openness to constantly improving their standards. ASPICE evaluation involves not only ticking a checklist of processes and steps but also finding areas for improvement especially for future projects.
A good step forward
In the past decade, the modern car rapidly transformed to become a more connected and complex version of the traditional car. Often described as a computer on wheels, it now runs on about 100 million lines of code. Indeed, software now figures prominently in the build of many cars today.
More stringent regulations and standards define the road toward smarter, safer, and more secure vehicles. Among them is ASPICE. From a security perspective, it also greatly adheres to the principle of “secure by design,” thanks to the influence of the V-model in its assessment process.
Through this assessment, VicOne has demonstrated the strength of its engineering processes and knowledge of the ASPICE requirements. It has also garnered insights from the evaluation to better improve process strategies. All in all, VicOne sees its ASPICE CL2 certification as a good step forward in honing its processes for other certifications — one that is aligned with its goal of providing future-ready cybersecurity solutions.
