Insights · from the trenches

Field notes on Functional Safety & ASPICE.

Practical writeups from inside real Tier-1 engagements, not vendor whitepapers, not standards-body evangelism. Every claim ties back to a clause, a measurement, or a specific past observation.

HSM Testing in Automotive: Prove the Boundary, Not Just the Crypto

Functional crypto tests pass while a key still leaks. We test the HSM the way an attacker would (fault injection, side-channel analysis and fuzzing), write each security requirement as a specification pattern with an observer over the real trace, and prove the boundary holds for ISO/SAE 21434 and UNECE R155.

One Foundation: Why ASPICE Work Products Are Mandatory for Both Functional Safety and Cybersecurity

ISO 26262, ISO/SAE 21434 and ASPICE describe one ECU built once, not three projects. We argue why solid ASPICE work products are the mandatory, shared substrate that both safety and cybersecurity analyses are performed on, and what silos cost you.

ECU Penetration Testing: A Threat-Led Methodology for Automotive Control Units

A vulnerability scan reports known issues; a penetration test proves which attack against your ECU actually works. We walk our threat-led method, scoped from the ISO/SAE 21434 TARA, across UDS, secure boot, SecOC and HSM, and how its evidence feeds UNECE R155 type approval.

Embedded Cybersecurity for ECUs under UNECE R155: From Concept to Type Approval

UNECE R155 made cybersecurity a homologation gate: no certified CSMS, no type approval. Our framework takes an ECU from Clause 15 TARA through secure boot, SecOC and HSM key management to a defensible, traceable evidence file, and keeps the CSMS alive afterwards.

From TARA to Attack: Verifying Your Cybersecurity Mitigations Actually Hold

A TARA tells you which threats matter; it does not tell you whether the mitigation survives an attacker. We walk from threat scenario to abuse case, use attack feasibility to prioritise, and build the asset-to-verdict trace R155 actually wants.

ISO 21448 SOTIF: What Your AEB / ADAS Team Needs in 2026

ISO 26262 covers things that break; ISO 21448 SOTIF covers the hazards your ADAS function causes when nothing is broken. A field guide to the four areas, triggering conditions, scenario catalogues, V&V and the EU GSR push for AEB teams in 2026.

ASPICE Capability Level 3 in 90 Days, the STS Implementation Playbook (from a CL1 Start)

Ninety days from a genuine CL1 baseline to a defensible ASPICE CL3 is aggressive but achievable on a focused VDA scope. Our week-by-week playbook covers GP 2.x, the standard process and tailoring, traceability, and the downgrades that catch almost everyone.

ASIL-D Functional Safety: From Concept to Tool Qualification, a Tier-1 supplier guide

What ISO 26262 actually expects at ASIL-D, where the standard’s wording is most often misread, and which artefacts auditors will read first. With examples from BMS and PTC programs.


Want these as they ship?

Follow our LinkedIn page or drop us a line and we’ll send the cornerstones as PDFs.