Abstract
The race for driverless vehicles is on the rise among industry players. Connected and Autonomous Vehicles (CAVs) success is founded on software integration that employs advanced technologies to offer valuable services. Software integration and network connectivity expose vehicles to numerous cyberattacks, making software security development the core factor affecting the reliability and safety of autonomous vehicles. The architecture of CAVs introduces unique challenges for automotive security development and operation that traditional security lifecycles are insufficient to manage. This paper presents a Secure Vehicle Software Engineering (SVSE) lifecycle that ensures security-by-design, devoting security considerations throughout all phases of the vehicle software development process. The SVSE lifecycle incorporates security activities that mitigate the development and operation challenges, reducing cybersecurity violations. It assists the automotive industry in complying with international security standards by granting security considerations throughout the development lifecycle that accommodate the requirements of industrial standards. The SVSE lifecycle promises manageability and deliverability of security practices throughout the full-life span of vehicles, making CAVs more resilient to cyberattacks.