Complete Vehicle-Wide Visibility

RunSafe Security’s Approach to R155/ISO21434

As vehicles become increasingly software-defined and interconnected, cybersecurity now plays a direct role in vehicle safety and operational integrity. New global standards and regulatory requirements reflect this shift, recognizing that vulnerabilities in connected ECUs, over-the-air update systems, and supplier-provided components can introduce real-world safety risk. The compliance landscape is evolving from process documentation to demonstrable, lifecycle cybersecurity assurance.

TALK TO AN EXPERT
ADAS Icon

New Expectations: ISO 21434 

Automotive manufacturers and suppliers face increasing regulatory scrutiny under ISO/SAE 21434 and UNECE R155. An SBOM alone is not enough. To ensure vehicle safety and regulatory approval, OEMs are expected to demonstrate:

  • A complete, validated SBOM
  • A clear understanding of vulnerabilities
  • A risk-based remediation strategy
  • Vehicle lifecycle monitoring and response processes

“From our perspective, adding RunSafe means we have more opportunity to shrink the attack surface and reduce overall risks for our customers since security is now already built into our product.”

Senior Director, Business and Product Development

How RunSafe Supports Automotive Compliance

RunSafe strengthens the technical evidence required to support ISO/SAE 21434 engineering activities and UNECE R155 CSMS regulatory obligations — without compromising functional safety under ISO 26262 (including ASIL A-D)

Software Transparency & SBOM Accuracy

Complete, validated SBOM ready to meet ISO 21434 standards as key aspect for software component management.

  • Automated build-time SBOM generation for embedded systems
  • Accurate ECU software inventory
  • CycloneDX-compliant and aligned to NTIA minimum elements

Exploitability-Based Risk Clarity

Risk prioritization grounded in clear, outlined vulnerability posture. 

  • Maps CVE to SBOM components in real time
  • Assesses and prioritize vulnerability by exploitability — not just presence
  • Determines urgency (patch, mitigate, monitor, accept risk)
  • Supports VEX documentation


Measurable Risk Reduction

Demonstrable reduction of exploitable software risk

  • Makes classes of memory-based vulnerabilities non-exploitable
  • Reduces risk when patches are unavailable
  • No source code rewrites required

    Lifecycle Monitoring Support

    Sustained compliance confidence across the vehicle lifecycle.

    • Continuous monitoring for new CVEs
    • SBOM diff comparisons between builds
    • Integration with GitHub, GitLab, Bitbucket

    A Stroger Cybersecurity Position

    RunSafe provides technical evidence and reporting that supports these elements.

    Component Supported by RunSafe
    Item Definition
    TARA (Threat Analysis & Risk Assessment)
    Cybersecurity Concept
    Cybersecurity Requirements & Architecture
    Verification & Validation Evidence
    Residual Risk & Cybersecurity Case
    SBOM & Vulnerability Status
    Post-Development Monitoring & Response Plan

     


    DOWNLOAD THE FULL PDF

    Why RunSafe?

    RunSafe helps automotive manufacturers and suppliers turn SBOMs into defensible cybersecurity evidence. By identifying vulnerabilities, prioritizing exploitability, and reducing real-world risk, we enable measurable compliance support for ISO 21434 and R155 — strengthening certification readiness and lifecycle assurance across the vehicle ecosystem.

    TALK TO AN EXPERT

    Latest Resources

    Closing the IT/OT Gap: An OT Security Expert’s Field View

    Closing the IT/OT Gap: An OT Security Expert’s Field View

    Jun 22, 2026

    Key takeaways Attackers can halt industrial production without ever reaching the plant floor, because the systems that run manufacturing often sit on the corporate IT network. Many OT environments have no firewall between IT and OT, or one left misconfigured, and most...

    read more