Automotive SPICE, safety and cybersecurity integration

Georg Macher*, Alexander Much, Andreas Riel, Richard Messnarz, Christian Kreiner

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review


Currently developed automotive systems exhibit an increased level of automation as well as an ever-tighter integration with other vehicles, traffic infrastructure and cloud services. Thus, just as safety became a critical part of the development in the late 20th century, the automotive domain must now consider cyber-security as an integral part of the development of modern vehicles. Novel features, such as advanced driver assistance systems or automated driving functions drive the need for built-in security solutions and cyber-security aware system design. Unfortunately, there is still a lack of experience with security concerns in the context of safety engineering in general and in the automotive safety departments in particular. A European partnership developed a skill set, training materials and best practices for ISO 26262 in the context of the EU project SafEUr. This working party (SoQrates working group) shares knowledge and experiences and integrated the Automotive SPICE assessment model with functional safety requirements, which was further used in integrated Automotive SPICE and safety assessments. The members of the SoQrates working group are, to a large extent, certified Automotive SPICE assessors dealing with security-related project in practice. From 2016 onwards, the SoQrates working party started to analyse the SAE J3061 cyber-security guidebook and integrated the additional requirements of SAE J3061 into this assessment model. This paper will summarise the previous results and extensions of the assessment model and the working group’s vision, how an Automotive SPICE assessor can support also the auditing of projects with close security relation.

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10489 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


ConferenceInternational Conference on Computer Safety, Reliability, and Security, SAFECOMP 2017 and 5th International Workshop on Assurance Cases for Software-Intensive Systems, ASSURE 2017, 12th Workshop on Dependable Embedded and Cyber-physical Systems and Systems-of Systems, DECSoS 2017, 6th International Workshop on Next Generation of System Assurance Approaches for Safety Critical Systems, SASSUR 2017, 3rd International Workshop on Technical and Legal Aspects of Data Privacy and Security, TELERISE 2017 and 2nd International Workshop on the Timing Performance in Safety Engineering, TIPS 2017


  • Automotive
  • Automotive SPICE
  • ISO 26262
  • SAE J3061
  • Security analysis

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Automotive SPICE, safety and cybersecurity integration'. Together they form a unique fingerprint.

Cite this