Perforce's 2024 State of Automotive Software Development Report Reveals Embedded Security Is a Rising Concern as Market Transitions to Electric Vehicles

MINNEAPOLIS, April 9, 2024 – Perforce Software, a provider of solutions for enterprise teams requiring productivity and visibility at scale within the SDLC, released the results of its annual State of Automotive Software Development survey conducted in partnership with Automotive IQ and the Eclipse Foundation. Nearly 600 automotive development professionals across the globe provided responses to current practices and emerging trends within the industry. The 2024 survey was expanded geographically to include more respondents from the Asia-Pacific region, providing a more accurate view of the current state of automotive development worldwide. 

Key findings show that quality and security have now outpaced safety as leading concerns, while the automotive vehicle market continues to rapidly evolve. The survey found that automotive developers’ top three leading development concerns are quality (29%), security (25%), and safety (21%). Quality was the top concern for respondents in the Asia-Pacific region, while security was the leading concern for respondents in all other regions. 

The shift from safety to security this year suggests that while safety standards are now well established in the automotive industry, embedded security — especially meeting regulations requiring cybersecurity approval and enforcing secure coding practices — will be an important focus for automotive professionals in the years ahead. 

“Embedded security concerns continue to rise as the need to protect automotive electronic systems, communication networks, and software grows,” said Perforce Product Evangelist Steve Howard. “OEMs and their supply chain partners want to prevent costly and malicious attacks, unauthorized access, or manipulation to automotive systems, and ensuring their code is secure is the first step to mitigating those incidents.”

The global economy continued to have the greatest market impact of automotive software professionals, which means that among other strategies, maintaining industry competitiveness and maximizing existing resources are of great importance in 2024. Perforce’s findings also show that there was an increasing move toward a hybrid/remote workforce and a greater focus on team productivity and accelerating development.

Electric and connected vehicle development is also greatly impacting development teams. The majority of teams are now working on electric components (84%), and connectivity components (79%) to some degree.

With electric and connected vehicle segments becoming more established in today’s market, software is even more central to automotive development. The increasing amount of software installed in vehicles can lead to more safety and security considerations during the development process — preferably as early as possible. Of those surveyed, 59% of automotive developers have adopted or are in the process of adopting a shift-left strategy to identify software vulnerabilities as they code.

Another notable finding was that 82% use a coding standard to ensure safe, secure, and reliable code — with 67% of those surveyed using a static code analysis tool to aid in compliance, and 26% using a SAST tool to ensure secure software. 

This year, 62% of developers surveyed are using MISRA®, a 20% increase over last year. The publication of new MISRA guidelines (MISRA C:2023 and MISRA C++:2023) likely account for the sharp increase in those respondents using the standard. 

“Organizations across the automotive industry continue to work toward meeting the highest levels of quality,” said Director of Compliance Jill Britton. “With the rapid growth of the electric and connected vehicle segments, compliance to safety and security standards is going to be more important than ever.”

Interested parties can download the full 2024 State of Automotive Software Development Report by visiting: https://www.perforce.com/resources/sca/2024-state-automotive-software-development-report.

A live webinar featuring analysis of the results will take place on April 25, 2024. Those interested in attending can register at: https://www.perforce.com/resources/events/sca/webinar/2024-state-automotive-software-development.

About Helix QAC
For over 30 years, Helix QAC has been the trusted static code analyzer for C and C++ programming languages. With its depth and accuracy of analysis, Helix QAC has been the preferred static coe analyzer in tightly regulated and mission-critical industries that need to meet rigorous compliance requirements. Independently certified for use in the development of safety-critical software, Helix QAC finds and reports on violations of MISRA® rules and directives in C and C++. 

About Klocwork
Klocwork is a static analysis and SAST tool for C, C++, C#, Java, JavaScript, Python and Kotlin programming languages. It identifies software security, quality, and reliability issues, helping to enforce compliance with industry standards. Built for enterprise DevOps, Klocwork scales to projects of any size, integrates with large complex environments and provides control, collaboration and reporting for the entire enterprise. This has made Klocwork the preferred static analyzer that keeps development velocity high while enforcing compliance for security and quality.