Abstract: Under the trend of "software defined vehicles" with intelligentizing and networking, the importance of vehicles software continues to rise, and the security of vehicles software is becoming more important. In order to deal with the continuous network security attacks against vehicles, vehicle enterprises need to identify software defects and weaknesses early in the software development process, and intervene the security measures at all stages of software development. Therefore, the "shift left" software security development management and control platform is proposed. This platform can help vehicles enterprises implement software security development, accumulate software security development technology, reserve software security development talents, help enterprises continuously improve software security development process, enhance software product security capabilities, improve the overall security level of vehicles enterprises. Through the implementation in vehicles enterprises, the security vulnerability of vehicles software products has been effectively reduced, the development cost has been reduced, the overall management is visible, the business security is endogenous, forming the security development process standard of vehicles enterprises. This platform provides a new idea for the management and control of software security development in the vehicles industry.

Key words: Shift left; Software security; Security development; Management and control platform

摘要： 在“软件定义汽车”及智能化、网联化趋势下，软件对汽车的重要性持续攀升，汽车 软件的安全越来越重要。为了应对针对汽车不断发生的网络攻击安全事件，汽车企业需要在 软件开发的早期及早识别软件的缺陷和弱点，在软件开发的各阶段介入安全措施。因此，一 种“安全左移”软件安全开发管控平台被提出。平台可协助汽车企业落地实施软件安全开发， 积累软件安全开发技术，储备软件安全开发人才，帮助企业不断完善软件安全开发流程，增 强软件产品安全能力，提升汽车企业整体安全水平。通过在汽车企业的落地，有效减少了汽 车软件产品的安全漏洞，管理上全局可视，业务上安全内生，形成了汽车企业的安全开发流 程标准。该平台为汽车行业软件安全开发管控提供了新的思路。

关键词: 安全左移；软件安全；安全开发；管控平台