Part 1 — Automotive Software Security Readiness: A Researcher’s Field Guide
Are You Ready for UN R155? The Real Work Behind Automotive Software Security Compliance
Modern vehicles are software systems on wheels with over 100 ECUs, millions of lines of code, and globally distributed supply chains.
The UNECE regulations R155 and R156 have transformed cybersecurity and software update management into conditions for type approval.
If you build or secure automotive software, you must be able to prove that you can defend it.
The Regulatory Stack That Matters
Each standard ultimately asks the same question: can you show that your controls work?
Readiness Means Proof, Not Paperwork
A defensible security posture aligns three capabilities:
- Governance – ownership, accountability, supplier oversight
- Engineering – security embedded in code, updates, and telemetry
Response – measurable incident handling and remediation evidence
Control Mapping — From Mandate to Mechanism
Readiness converts regulatory requirements into verifiable engineering artifacts.
Runtime Proof as the New Baseline
Auditors now seek runtime evidence rather than static compliance documents.
Telemetry, exploitability validation, and continuous monitoring demonstrate control effectiveness in real operating conditions.
This closes Part 1.
Part 2 will examine how runtime analysis and exploit intelligence extend these requirements into measurable proof.
References
- Applied Intuition. (2023). ISO/SAE 21434: Shaping automotive cybersecurity.
- Cybellum. (2023). Introduction to automotive cybersecurity regulations.
- European Commission. (2024). Cyber Resilience Act: Proposal and implementation overview.
- International Organization for Standardization. (2021). ISO/SAE 21434: Road vehicles – Cybersecurity engineering.
- National Highway Traffic Safety Administration. (2022). Cybersecurity best practices for the safety of modern vehicles (Report DOT HS 813 417).
- United Nations Economic Commission for Europe. (2021). UN Regulation No. 155: Cybersecurity and cybersecurity management system requirements.
- United Nations Economic Commission for Europe. (2021). UN Regulation No. 156: Software update processes and management systems.
- Verband der Automobilindustrie (VDA). (2023). Trusted Information Security Assessment Exchange (TISAX) Assessment Levels Guide.
Related blogs
.png)
AppSec for Healthcare Providers: Securing Hospitals & Health Systems in a Cloud-Driven Era
Healthcare providers are at the forefront of delivering critical care, but increasingly depend on digital systems, from EHR platforms to telehealth portals, to operate effectively. As hospitals and health systems modernize IT landscapes, the attack surface has expanded dramatically, with cloud apps, SaaS infrastructure, and interoperability mandates introducing both opportunity and risk. AppSec isn’t just a technical concern, it's foundational to patient trust, regulatory compliance and clinical continuity.
2
.png)
AppSec for Health SaaS & Health Tech Companies: Building Trust with Secure Platforms
Health SaaS and Health Tech vendors are powering the digital transformation of care delivery, administrative workflows, revenue cycles, and patient engagement. However, with great reach comes great risk: every SaaS application holds sensitive health data and must navigate both market expectations and strict regulations. Building AppSec into your product isn’t optional, it’s a market differentiator and a trust signal.
1
.png)
AppSec for Payers: Insurance & Healthcare Payers Must Secure the Ecosystem
Healthcare payers, insurance companies and health plans, sit at the nexus of clinical services, member data, and financial risk. As digital tools take on more responsibility for claims processing, provider network management, and member engagement, payer platforms become high-value targets for attackers. AppSec for payers isn’t just about securing code; it’s about protecting financial integrity, member data and regulatory compliance while enabling agile plan operations.
1
A Primer on Runtime Intelligence
See how Kodem's cutting-edge sensor technology revolutionizes application monitoring at the kernel level.
Platform Overview Video
Watch our short platform overview video to see how Kodem discovers real security risks in your code at runtime.
The State of the Application Security Workflow
This report aims to equip readers with actionable insights that can help future-proof their security programs. Kodem, the publisher of this report, purpose built a platform that bridges these gaps by unifying shift-left strategies with runtime monitoring and protection.
.png)
Get real-time insights across the full stack…code, containers, OS, and memory
Watch how Kodem’s runtime security platform detects and blocks attacks before they cause damage. No guesswork. Just precise, automated protection.
