Secondary standards
While the primary standards may provide a holistic framework for engineering secure automotive products, they rely on secondary and supporting standards to address specific technical areas of the engineering life cycle. Awareness of such standards is necessary to judge whether they apply to your organization or product offering.
IATF 16949:2016
Developing automotive products within the framework of a quality management system (QMS) is a prerequisite to achieving product security. ISO/SAE 21434 makes adherence to a QMS a requirement, which is reasonable considering the difficulty of arguing that a product is secure without being able to demonstrate its quality [9]. For example, software developed outside a QMS is expected to contain more bugs due to the lack of formal quality checks, such as code reviews and software tests. A percentage of those software bugs is likely to be exploitable by an attacker. Without the help of a QMS, we are unable to manage...