Shifting Cybersecurity Left in Automotive: How Secure by Design Enables Compliance and Safety

In this episode of Exploited: The Cyber Truth, RunSafe Security Founder and CEO Joseph M. Saunders returns to explore one of the most urgent challenges in modern transportation: securing the software-defined vehicle.

As connected cars grow more complex—with over 100 million lines of code and dozens of software components—they also become more vulnerable. Joe joins host Paul Ducklin to unpack how Secure by Design principles can help OEMs and suppliers address these risks before they hit the road.

We dive into why memory safety is foundational for protecting embedded systems like ECUs and infotainment units, and how the CAN bus and real-time operating systems factor into broader security decisions. Joe also explains how industry frameworks like ISO 26262 and ASIL (Automotive Safety Integrity Level) classifications help automotive teams align cybersecurity with functional safety goals.

If you're working on embedded systems, vehicle software, or supply chain security in the automotive world, this episode breaks down what it really takes to build safe, secure, and resilient vehicles—right from the start.

In this episode:

• Why vehicles have become such attractive cyber targets—and how criminals are exploiting remote attack vectors
• What “Secure by Design” really means for ECUs, infotainment systems, and embedded firmware
• How to manage software risk across global, multi-tier automotive supply chains
• Why memory safety is key to preventing attacks before they happen
• How ASIL safety levels guide critical system design and compliance
• The role of SBOMs, OTA updates, and RTOS security in future-proofing connected cars
• What a “shift left” approach actually looks like for automotive cybersecurity teams

If you’re building or securing the next generation of connected vehicles, this episode delivers critical insights on embedding cybersecurity into the foundation—not the finish line—of automotive innovation.