Joint CVE database, uniquely optimized for easy use by decision-makers across the automotive industry, sets standard for cybersecurity in the global sector
DALLAS & TOKYO — VicOne, a leading provider of automotive cybersecurity solutions, and the Automotive Security Research Group (ASRG), a nonprofit organization focused on the advancement of the automotive security industry, today announced a close collaboration to deliver the most comprehensive coverage of automotive threat intelligence. VicOne and ASRG have initiated AutoVulnDB, a dedicated database for automotive original equipment manufacturers (OEMs), suppliers, and other players in the industry to discover and fix cybersecurity vulnerabilities and secure the future of connected-car mobility.
The new database from VicOne and ASRG sets the standard for automotive cybersecurity. AutoVulnDB complements and expands upon existing sources of vulnerabilities provided by NVD (National Vulnerability Database) and MITRE CVE (Common Vulnerabilities and Exposures) to uniquely provide enhanced contextual and situational data that is specific to the automotive industry. Providing a more industry-specific solution, AutoVulnDB enables additional use cases and enrichment, allowing a better fit to the automotive industry for making better and faster business and development decisions. Together with the proven Zero Day Initiative (ZDI) platform, the world’s largest vendor-independent bug bounty program, and the ASRG Disclosure Program, AutoVulnDB offers the most comprehensive vulnerability intelligence coverage.
“We are grateful for VicOne’s support and industry-leading expertise in creating the specialized AutoVulnDB CVE database. This is a first step and a work in progress as the cyberattacks never stop and only get worse,” said John Heldreth, founder of ASRG. “We encourage industry professionals, cybersecurity experts and researchers to explore the database and participate in its continuous improvement by reporting their findings. AutoVulnDB is created in a nonprofit context, solely to boost automotive cybersecurity. This is a community-supported development, and we need your feedback, contributions and ideas to take the first version to the next level.”
During the Auto-ISAC European Cybersecurity Summit at BMW World in Munich, VicOne’s William Dalton, VP and Managing Director for Europe, introduced a panel on “Redefining Automotive Cybersecurity: A Life Cycle Strategy for End-to-End Risk Management.”
With the global spread of connected vehicles, the threat to cybersecurity in the automotive industry is rapidly increasing. In the first half of 2023 alone, over 200 vulnerabilities were reported, including a critical central processing unit (CPU) flaw affecting multiple car brands. This applies to various connected-car components and systems, including infotainment dashboards, operating systems (OS) and electric vehicle (EV) chargers. One of the principles of maintaining cybersecurity in the automotive industry is to identify and eliminate digital threats and previously unknown vulnerabilities before a vehicle hits the market. With AutoVulnDB, VicOne and ASRG empower companies with an additional opportunity to provide more secure products for the public.
“The importance to the automotive industry of timely and comprehensive vulnerability detection and remediation cannot be overstated. VicOne, as the leader of automotive cybersecurity solutions, delivers unparalleled coverage of automotive threat intelligence — from the previously unknown to the already known but not fixed cyber issues,” said Max Cheng, chief executive officer of VicOne. “With our partnership with ASRG, we are making a long-term commitment to create a strong community to continuously and collaboratively improve automotive cybersecurity.”
Key features of AutoVulnDB include:
- User-friendly searchable interface designed for easy access to relevant vulnerability information
- Both front-end and back-end development to ensure seamless user experience
- Robust and unique data pipeline incorporating quality checks and enrichment processes, ensuring information is actionable and reliable
- Links to existing automotive security intelligence available from ASRG
During the Auto-ISAC European Cybersecurity Summit at BMW World in Munich, VicOne and ASRG hosted a joint panel discussion on “Redefining Automotive Cybersecurity: A Life Cycle Strategy for End-to-End Risk Management” with: Gosimo Senni Guidotti Magnani, Global Cybersecurity Manager at Stellantis; Brian Gorenc, VP of Threat Research at Trend Micro; John Heldreth, Founder of ASRG; and William Dalton, VP and Managing Director for Europe at VicOne.
The partnership was announced during the Auto-ISAC European Cybersecurity Summit at BMW World in Munich. A Platinum sponsor of the event, VicOne presented with ASRG a joint panel discussion, ‘’Redefining Automotive Cybersecurity: A Life Cycle Strategy for End-to-End Risk Management.” ASRG’s John Heldreth and Brian Gorenc, Vice President of Threat Research at Trend Micro and responsible for the ZDI program, presented and William Dalton, Vice President and Managing Director for Europe at VicOne, moderated a roundtable on why current risk management needs an overhaul for the evolving threat landscape and offered practical strategies to help the industry address its unique challenges.
Additional information is available on the VicOne blog: Pioneering the Future of Automotive Cybersecurity With Unparalleled Automotive Threat Intelligence.
About ASRG
ASRG is a nonprofit initiative with an unwavering dedication to advancing security solutions for automotive products. Since its inception in 2017, ASRG has grown exponentially, boasting over 15,000 members across 65 locations worldwide. Make an impact, join us in shaping the future of automotive security. asrg.io/
About VicOne
With a vision to secure the vehicles of tomorrow, VicOne offers a broad portfolio of cybersecurity software and services for the automotive industry. VicOne’s solutions are specifically designed to meet the stringent requirements of automotive manufacturers and are engineered to meet the unique needs of modern vehicles. As a subsidiary of Trend Micro, VicOne is built on a solid foundation in cybersecurity resulting from Trend Micro’s 30+ years of experience in the industry. VicOne provides unparalleled protection for the automotive industry and deep security expertise that enables our customers to build safe and smart vehicles. For more information, please visit vicone.com.
Media Contact
Myla Pilao
myla_pilao@vicone.com
