VicOne and ASRG Launch Comprehensive Automotive Cybersecurity Database
VicOne, a leading automotive cybersecurity solutions provider, and the Automotive Security Research Group (ASRG), a non-profit focused on advancing automotive security, have announced a collaboration to deliver extensive automotive threat intelligence. Together, they have initiated AutoVulnDB, a dedicated database for OEMs, suppliers, and other industry players to identify and address cybersecurity vulnerabilities, securing the future of connected-car mobility.
AutoVulnDB sets a new standard for automotive cybersecurity by expanding on existing sources like the National Vulnerability Database (NVD) and MITRE CVE (Common Vulnerabilities and Exposures). It provides enhanced contextual and situational data tailored to the automotive industry, enabling better business and development decisions. Coupled with the Zero Day Initiative (ZDI) platform, the world’s largest vendor-independent bug bounty program, and the ASRG Disclosure Program, AutoVulnDB offers unparalleled vulnerability intelligence coverage.
“We are grateful for VicOne’s support and industry-leading expertise in creating the specialized AutoVulnDB CVE database. This is a first step and a work in progress as the cyberattacks never stop and only get worse,” said John Heldreth, founder of ASRG. “We encourage industry professionals, cybersecurity experts and researchers to explore the database and participate in its continuous improvement by reporting their findings. AutoVulnDB is created in a non-profit context, solely to boost automotive cybersecurity. This is a community-supported development, and we need your feedback, contributions and ideas to take the first version to the next level.”
The threat to automotive cybersecurity is rapidly increasing with the global spread of connected vehicles. In the first half of 2023 alone, over 200 vulnerabilities were reported, including a critical CPU flaw affecting multiple car brands. These vulnerabilities span various connected-car components and systems, including infotainment dashboards, operating systems, and EV chargers. Identifying and eliminating digital threats and unknown vulnerabilities before a vehicle hits the market is crucial. AutoVulnDB provides companies with an additional opportunity to deliver more secure products to the public.
“The importance to the automotive industry of timely and comprehensive vulnerability detection and remediation cannot be overstated. VicOne, as the leader of automotive cybersecurity solutions, delivers unparalleled coverage of automotive threat intelligence—from the previously unknown, to the already known but not fixed cyber issues,” said Max Cheng, chief executive officer of VicOne. “With our partnership with ASRG, we are making a long-term commitment to create a strong community to continuously and collaboratively improve automotive cybersecurity.”
Key features of AutoVulnDB include:
- A user-friendly searchable interface for easy access to relevant vulnerability information
- Both frontend and backend development to ensure a seamless user experience
- A robust and unique data pipeline incorporating quality checks and enrichment processes, ensuring information is actionable and reliable
- Links to existing automotive security intelligence available from ASRG
The partnership was announced during the Auto-ISAC Europe Cybersecurity Summit at BMW World in Munich. As a Platinum sponsor of the event, VicOne presented with ASRG a joint panel discussion, “Redefining Automotive Cybersecurity: A Life Cycle Strategy for End-to-End Risk Management.” ASRG’s John Heldreth and Brian Gorenc, vice president of threat research at Trend Micro and responsible for the ZDI program, presented, while William Dalton, vice president and managing director for Europe at VicOne, moderated a roundtable on the evolving threat landscape and practical strategies for the industry.
For more details, visit the VicOne blog: Pioneering the Future of Automotive Cybersecurity With Unparalleled Automotive Threat Intelligence.
