Hardware-independent automotive software testing

Automate your software testing with an AI-driven fuzzing platform for early bug and vulnerability detection, all without hardware dependencies. Enable your developers to reproduce and fix issues in minutes, not weeks.

TRUSTED BY
Google, Deutsche Telekom, Bosch, Secunet Security Networks, Continental AG, CARIAD, ETAS

Three reasons to elevate your automotive software security with fuzz testing


Find critical bugs and their root cause in minutes

White-box fuzzing is the fastest way to detect memory corruption errors and find their root cause. It analyzes source code and shows exactly where and how an issue occurs.


Enable Software-in-the-Loop testing

With Code Intelligence, you can test Classic AUTOSAR Applications at the system level by using our simulator and identify real-time bugs without the need for specialized hardware.


Comply with industry standards

Fuzz testing is highly recommended by ISO/SAE 21434 'Road vehicles — Cybersecurity engineering', and Automotive SPICE for Cybersecurity.

“One of the biggest advantages of instrumented fuzz testing is that you can execute your code in a Software-in-the-Loop simulator. My favourite part of instrumented fuzzing is that finding the root cause is so easy, and for a manager, it means I can save budget.”
Michael Von Wenckstern, Product Cybersecurity Governance, Risk and Compliance Specialist, Continental AG

"Thanks to Code Intelligence fuzzing approaches, our security testing became significantly more effective. All our developers are now able to fix business critical bugs early in the development process, without false-positives."
Andreas Weichslgartner, Senior Technical Security Engineer, CARIAD

“Thanks to Code Intelligence we were able to remediate deeply hidden issues, allowing us to ensure our vehicular software’s optimal functionality and safety. Coming up with the right unit tests for these cases would have been super difficult. With Code Intelligence’s AI-powered tests, we had the first finding within hours!”
Saleh Heydari, VP of Software Engineering, XOS Trucks

“Code Intelligence helps developers ship secure software by providing the necessary integrations to test their code at each pull request, without ever having to leave their favorite environment. It's like having an automated security expert always by your side.”
Thomas Dohmke, CEO, GitHub

Vulnerabilities in automotive software are increasing

  • Despite widespread static analysis use, every year since 2019 more than 200 Common Vulnerabilities and Exposures (CVE) identifiers related to automotive components and services have been reported.
  • The most frequent issues are memory corruption errors, e.g. buffer overflow, out-of-bounds write, out-of-bounds read, use after free.
  • Vulnerabilities found too late can lead to delayed releases, costly over-the-air updates, or even recalls. In 2023, automotive software was involved in nearly 15% of recall incidents.

Why Static Code Analysis alone can't prevent all vulnerabilities

1. Static Analysis (SAST) generates many false positives.
It reports issues that aren’t actually a problem and produces duplicates.

2. Static Analysis can’t detect all types of vulnerabilities.
Because it doesn’t analyze the program during execution, SAST can’t detect dynamic or runtime-specific issues such as complex buffer overflows, use-after-free, double-free errors, heap corruption, and others.

Learn more about the limitations of static analysis and how to overcome them with fuzz testing by downloading a free copy of the white paper.



Fuzz Testing with Code Intelligence

Automate and scale your software security testing without hardware dependencies with an AI-driven fuzzing platform by Code Intelligence. Ensure compliance with ISO 21434 testing requirements.

Detect critical bugs & vulnerabilities without false positives

Code Intelligence connects to the source code and, unlike static analysis (SAST), analyzes code when executed.

Every flagged issue represents an actual issue in the running code. Most are highly critical, e.g. buffer overflows, memory corruption, and leaks.

Enable your engineers to reproduce & fix issues in minutes, not in weeks

All uncovered issues are pinpointed to the exact line of code in the repository and accompanied by the inputs that triggered them and clear actions to remediate them, so you can quickly identify the root cause, start fixing issues, and release features faster.

Let AI automate the generation of test cases and mocks

CI Spark, a built-in AI assistant that leverages large language models (LLMs) and static code analysis, automatically writes thousands of test cases and generates inputs and mocks for all dependencies.

CI Spark is also helpful in identifying top candidates for fuzzing.  

Achieve up to 100% code coverage

Code Intelligence leverages feedback about the software under test to achieve the highest code coverage. Subsequent executions automatically generate new test cases to detect additional paths, thereby increasing code coverage.

This ensures your development teams know how much of their code was actually executed during a test and which parts need additional testing.

Easily integrate fuzzing in your CI/CD

Integrate Code Intelligence with your CI/CD pipeline to automatically test your software with every pull request. This ensures regressions and release blockers are identified long before reaching production.


Why choose Code Intelligence?

Join industry leaders and follow in the footsteps of companies like CARIAD, Bosch, and Continental. Detect critical bugs early in the testing stages and achieve compliance with industry standards.

Book your free demo with one of our senior engineers now and take the first step towards robust, secure software development with Code Intelligence.

  • Automate software testing for embedded systems.
  • Detect critical bugs & vulnerabilities early in development.
  • Uncover only actual issues without false positives.
  • Enable developers to reproduce & fix issues in minutes, not weeks.
  • Ensure compliance with industry standards.

Why Volkswagen's CARIAD leverages fuzz testing

CARIAD has been building a unified software platform for all Volkswagen brands, providing them with reliable software and digital best practices.

By introducing AI-guided white-box fuzz testing to uncover deeply hidden bugs and security vulnerabilities, CARIAD was able to find and fix potentially dangerous issues early in the development process.


Security resources


White paper - How Fuzzing Complements Static Analysis

An automotive supplier using static code analysis detects 32% of bugs solely through fuzzing. Learn why static analysis isn't enough and how fuzzing complements it when testing automotive software. 

CARIAD Improves Secure Software Development

Getting ready for ISO 21434: CARIAD evaluated new testing approaches to improve Volkswagen's software security.

White paper - Fuzz testing in ISO/SAE 21434

Even though the recommendations of ISO/SAE 21434 are not legally binding, in practice automotive companies often find themselves obligated to comply. Learn in this paper how fuzz testing can support you in achieving compliance.