Solutions - ISO 21434 Compliance

The role of fuzz testing in ISO/SAE 21434

ISO/SAE 21434 'Road vehicles — Cybersecurity engineering' specifically recommends fuzz testing for cybersecurity validation and verification during product development.

ISO/SAE 21434 suggests fuzz testing as a method for uncovering software weaknesses. Additionally, ISO specifies that the sufficiency of tests should be assessed by evaluating code coverage.

Fuzz testing is also required for components rated Cybersecurity Assurance Levels (CAL) 2 or higher, with advanced fuzz testing recommended for CAL 3 and CAL 4.

“Using fuzz testing by Code Intelligence helped our team pass ASPICE for Cybersecurity assessments and obtain ISO 21434 certification. Our products are now more secure. We presented the OEM with the fuzzing results and received positive feedback.”

Eckart HeyneProduct Cybersecurity and Privacy Officer, Continental AG

"Thanks to Code Intelligence fuzzing approaches, our security testing became significantly more effective. All our developers are now able to fix business critical bugs early in the development process, without false-positives."

Andreas WeichslgartnerSenior Technical Security Engineer, CARIAD

”Thanks to Code Intelligence we were able to remediate deeply hidden issues, allowing us to ensure our vehicular software’s optimal functionality and safety. Coming up with the right unit tests for these cases would have been super difficult. With Code Intelligence’s AI-powered tests, we had the first finding within hours!”

Saleh HeydariVP of Software Engineering, XOS Trucks

”Code Intelligence helps developers ship secure software by providing the necessary integrations to test their code at each pull request, without ever having to leave their favorite environment. It's like having an automated security expert always by your side.”

Thomas DohmkeCEO, GitHub

Detect critical bugs & vulnerabilities without false positives

Code Intelligence connects to the source code and, unlike static analysis (SAST), analyzes code when executed.

Every flagged issue represents an actual issue in the running code. Most are highly critical, e.g. buffer overflows, memory corruption, and leaks.

Blog 'From simulation to success' - Visual 'Identifying bugs'

Enable your engineers to reproduce & fix issues in minutes, not in weeks

All uncovered issues are pinpointed to the exact line of code in the repository and accompanied by inputs that triggered an issue and clear actions to remediate those. So you can quickly identify the root cause, start fixing them, and release features faster.

Let AI automate the generation of test cases and mocks

CI Spark, a built-in AI assistant that leverages large language models (LLMs) and static code analysis, automatically writes thousands of test cases and generates inputs and mocks for all dependencies.

CI Spark is also helpful in identifying top candidates for fuzzing.

Achieve up to 100% code coverage

Code Intelligence leverages feedback about the software under test to achieve the highest code coverage. Subsequent executions automatically generate new test cases to detect additional paths, thereby increasing code coverage.

This ensures your development teams know how much of their code was actually executed during a test and which parts need additional testing.

Easily integrate fuzzing in your CI/CD

Integrate Code Intelligence with your CI/CD pipeline to automatically test your software with every pull request. This ensures regressions and release blockers are identified long before reaching production.