The itemis blog

Accumulated IT knowledge

Cyber security, Automotive

Customizing Threat Catalogs With itemis SECURE: Optimizing TARA Processes With STRIDE and MITRE Frameworks in Automotive

The threat catalog contains all of the threats that should be considered within the TARA process. There are some established formats for the threat catalog such as STRIDE or MITRE; and these can be incorporated within itemis SECURE. Additionally, itemis SECURE ...

by Matthew Moser

6 min. reading time
Cyber security, Press reports

itemis Partners with BlackBerry to Drive Improvements in Automotive Cybersecurity

Integration will enable automakers to better understand their Software Bill of Materials (SBOM) to achieve compliance with ISO/SAE 21434

by itemis

3 min. reading time
Cyber security, Automotive

6th Annual Auto-ISAC Cybersecurity Summit 2022

Franz-Josef Schuermann, Chairman of the Board itemis Inc., shares his vision for TARA Automation

by Matthew Moser

3 min. reading time
Software Development, Cyber security

Security by design in the automotive development process

In the automotive domain, security is becoming more and more important – especially for the new generations of connected, (semi-)autonomous vehicles. In this article, I’ll explain the basic concept behind the term “security by design”. You will also learn how to ...

by Dirk Leopold

10 min. reading time
Cyber security, IoT, Embedded

Secure Firmware-Over-the-Air Updates for ESP8266-based IoT devices?

IoT devices without a build-in firmware update capability make hardly sense. However, the implementation of the same on small devices can be quite challenging, and often is done at the expense of security. This article gives an insight into this problematic taking ...

by Stephan Eberle

4 min. reading time
Software Development, Cyber security, OpenPGP

OpenPGP on the Job – Part 8: SSH with OpenPGP and YubiKey

Being an employee in the IT myself, I often need to access remote machines. Most of the time, SSH and public key cryptography is used here. But although I do use OpenPGP for mail and data encryption, I still need an extra SSH key pair for this kind of remote ...

by Jan Mosig

15 min. reading time
Cyber security, IoT, Embedded

A Tool-Based Security Analysis – Part 2: Damage Classes And Potentials

In Part 1 of this blog series, we have seen how the attack potential of an attacking agent can be modeled. For our system, we also want to model the parts and aspects that we want to protect and the damage that can be done by an attacker. So as a next step, we ...

by Andreas Graf

3 min. reading time
Cyber security, IoT, Embedded

A Tool-Based Security Analysis – Part 1: Required Attack Potential

As Dirk Leopold pointed out in his post, security is one of the most strategically important concerns in the automotive industry in the future. We will be introducing the concepts of security analysis and how they are adressed in a tool, that we have been ...

by Andreas Graf

4 min. reading time
Software Development, Cyber security, IoT, Embedded

Why security is one of the biggest engineering challenges ahead

Hardly a week goes by without major security issues being reported. The recently identified vulnerabilities of a wide range of CPUs named “Spectre” and “Meltdown” potentially affect millions of PCs and smartphones. While no actual damage can be connected to these ...

by Dirk Leopold

9 min. reading time