Uptane, the cyber security software developed by New York University, Southwest Research Institute, and the University of Michigan, is making inroads into the global automotive supply chain.
Last week, the German company Advanced Telematic Systems (ATS) said it integrated Uptane into its connected-car products.
Uptane protects car computers or electronic control units from being attacked when updates are installed wirelessly.
"Uptane is the most comprehensive security framework available to defend attacks on updates for connected cars," wrote Arthur Taylor, ATS' Chief Technologist, on the company's website.
NYU's Justin Cappos runs the project, and he says that the response to Uptane's release has been surprisingly warm, but ATS' adoption will help move the needle further.
"Having someone like ATS go and be a first, real pilot of this, do an excellent job with it, has really helped to show that to the industry this is viable, and easy, and feasible."
While ATS is the first to fully integrate Uptane, Cappos estimates another six to 12 other companies are finding ways to build Uptane into their systems. All this is good news to Cappos, who wants to help change how automotive cyber security is handled.
Currently, different vendors are building parts with their own software and few if any standards, shrouded in secrecy. Uptane, by comparison, was released to the public five months ago, actively inviting security experts to tear it apart and give feedback. It is the only open source, over-the-air cyber security product.
Cappos says security researchers found no critical flaws, and that vendors are starting to value that transparency. He hopes this ensures that car cyber security is standardized and never becomes a place that manufacturers are differentiating their products.
"I don't think anyone wants to be in a world where company X is advertising they had 30 percent fewer cyber security fatalities than company Y," says Cappos.
Uptane was funded in part by the Department of Homeland Security.