Automotive Software Development & Security Solutions

Inside this Report

The automotive industry is experiencing a wave of interest, investment, and innovation as vendors advance new platforms and capabilities to enable connected, electrified, increasingly automated, and software-defined vehicles. This report defines and evaluates the market for automotive software, development/deployment tools, and cybersecurity solutions, delivering both quantitative and qualitative insights into the forces driving change. It examines recent industry developments, shifting engineering requirements, and vendor strategies that are reshaping this rapidly evolving landscape.

What Questions are Addressed?

• As cybersecurity becomes a bigger concern and new standards are adopted in the automotive industry, how will vendors adapt?
• Which areas of software development will experience the most growth?
• Who are the leading suppliers in the industry, and what initiatives are they taking to ensure their future in the industry?
• What features and functions are consolidating in modern software development tools & platforms?
• Why are automotive software partnerships evolving to long-term strategic collaborations?
• Which technologies are OEMs investing in to secure the future of software-defined, autonomous, connected, and electrified vehicles?

Who Should Read this Report?

• CEO or other C-level executives
• Corporate development and M&A teams
• Marketing executives
• Business development and sales leaders
• Product development and product strategy leaders
• Channel management and channel strategy leaders

Organizations Listed in this Report

• Aeris
• Airbiquity / Karma Automotive
• Amazon / AWS
• Aptiv / Wind River
• Arm
• AUMOVIO /Elektrobit / PlaxidityX
• Aurora Labs
• AVL
• Block Harbor
• Broadcom / VMware
• BTC
• Cadence
• Canonical
• Cetitec (a Porsche company)
• Clearlake Capital
• COVESA / GENIVI
• Cybellum
• Dassault Systemes
• Deloitte
• dSPACE
• Eclipse Foundation
• Edge Impulse
• emlix
• ETAS (Bosch subsidiary)
• eSOL
• Excelfore
• Flexera
• Ford
• Foretellix
• GAIO Technology
• General Motors
• Green Hills Software
• HARMAN
• HPE
• Hyundai Mobis
• IBM / Red Hat
• Infineon Technologies
• INTEGRITY Security Services
• Intel
• Inverted AI
• Jama Software
• Jfrog
• Karamba Security
• Kaspersky
• LG Electronics
• Lynx Software Technologies
• MathWorks
• Mend.io
• Mercedes-Benz
• Microsoft / Azure
• Nissan Motor Co.
• NVIDIA
• NXP Semiconductors/ TTTech Auto
• Parallel Domain
• Perforce
• PTC
• Qualcomm
• QNX (division of BlackBerry Limited)
• Renesas Electronics
• Sibros
• Siemens / Altair
• Sonatus
• Sonotype
• Stellantis
• STMicroelectronics
• SUSE
• Synk
• Synopsys / Ansys
• Texas Instruments
• Thales
• Tier IV
• Tata Elxsi
• Triumph Group
• Upstream Security
• Vector Informatik
• VicOne
• Volkswagen / CARIAD
• Voxel51
• Wind River

Executive Summary

The automotive industry is undergoing a major transformation as advances in technology drive the rise of software-defined, electrified, semi-autonomous vehicles, connected car platforms, and next-generation communication systems. These changes are fueling demand for specialized software and development tools to build, manage, maintain, and secure increasingly complex vehicle architectures. As hardware consolidates and competition shifts toward differentiation through features and services, software development has become a central priority for OEMs. The era of the software-defined vehicle is now underway, with both automakers and Tier 1 suppliers rapidly expanding their software capabilities and scaling developer talent to meet the needs of next-generation mobility.

The automotive industry is transitioning from hardware-defined vehicles with limited attack surfaces to software-defined vehicles (SDVs) that support over-the-air (OTA) updates and include both wired and wireless security exposure. To address these new vulnerabilities, automakers and their supplier ecosystems are deploying a range of cybersecurity solutions that align with internal OEM standards, government regulations, and industry best practices to ensure safe and secure vehicles.

The report covers software, development and security solutions across IoT & embedded operating systems (OSs), containers, hypervisors, automated software & security testing (ASST), Model-based systems engineering tools (MBSE), requirements management tools (RM), software composition analysis (SCA), cybersecurity, Edge AI, DevSecOps/OTA, virtual ECUs, and autonomous vehicle verification.

Key Findings

• The rise of advanced driver-assistance systems (ADAS), software-defined vehicles (SDVs), and over-the-air (OTA) updates is accelerating the automotive software market, as OEMs strive to deliver rapid feature enhancements today while advancing toward autonomous and connected mobility.
• OEMs face a range of challenges in developing vehicle features, including macroeconomic pressures and shifting consumer demand, increasing system complexity, and high development costs.
• According to VDC's Voice of the Engineer survey, respondents indicated that the complexity of applications and technology is the leading factor for delays to automotive projects.
• The expansion of product portfolios through both internally developed solutions as well as collaborative partnerships will drive vendor differentiation within the SDV market, as engineers seek to consolidate toolsets and look for ease of integration.
• The growing use of AI in automotive software development and cybersecurity solutions will be essential not only for expediting SDV innovation and ensuring safety, but also for strengthening defenses against emerging AI-powered cybersecurity attacks.
• Regional and country-specific standards require OEMs and suppliers to integrate safety validation, threat modeling, secure coding, over-the-air update controls, and lifecycle risk management into their software development workflows.

Report Excerpt

The Next Wave of Automotive Innovation

Understanding evolving automotive market trends is critical to guiding the development of next-generation software architectures and cybersecurity solutions.As the complexity of SAE Level 3 and Level 4 systems expands within high-dependability environments, the implementation of an integrated and automated software toolchain becomes essential to ensure functional safety, system integrity, and regulatory compliance. Such a toolchain must enable model-based development, high-fidelity simulation, continuous integration and deployment (CI/CD), and comprehensive validation and cybersecurity assurance throughout the vehicle's. To help alleviate this growing complexity, software tool vendors should deliver interoperable platforms and open solutions that integrate with other vendors and tier suppliers across the automotive supply chain, fostering greater collaboration, efficiency, and system-level optimization.

Furthermore, interest in ADAS and AD sensing technologies remains strong, with 31% of respondents highlighting image sensors, 28.6% citing LiDAR sensors, and 23.8% identifying radar sensors as key areas of interest. To enable multi-sensor systems, 21.4% of respondents pointed to sensor fusion ECUs as an important supporting technology. The integration of these sensing modalities, coupled with advanced fusion algorithms, is critical for delivering the high-resolution, real-time environmental perception required for both ADAS and higher-level autonomous driving functions. As vehicles adopt increasingly complex sensor suites, robust hardware security architectures, testing, and verification processes can play a critical role in ensuring seamless system and software interoperability, consistent performance, and the reliability needed to meet safety-critical regulatory demands.

Although Vehicle-to-Everything (V2X) technology has yet to achieve mainstream adoption, surveyed automotive engineers identified Vehicle-to-Infrastructure (V2I) at 26.2% and Vehicle-to-Vehicle (V2V) at 23.8% as key areas of focus [see Exhibit 20]. V2I, V2V, and broader V2X capabilities enhance vehicle safety and situational awareness by enabling data exchange beyond the line of sight and range limitations of onboard sensors.

To address the security implications of this connectivity, cybersecurity vendors must develop protection layers specifically designed to safeguard V2X safety communications. As semi-autonomous and fully autonomous vehicles continue to mature, these vendors should prioritize automotive-specific protection mechanisms that preserve safety-critical operations even during cyberattacks or system malfunctions, unlike traditional IT security measures that may simply isolate or shut down affected systems.

OEMs, aiming to control costs and comply with varying regional regulations, are likely to concentrate on developing fundamental in-house protections while relying on specialized vendors for advanced or system-level defenses. This evolution underscores the need for cybersecurity providers to tailor their offerings to emerging SDV architectures, the unique vulnerabilities these systems introduce while ensuring compliance with diverse regulatory frameworks.

As cybersecurity becomes more deeply integrated into the SDV software lifecycle, collaboration between OEMs, Tier 1 suppliers, and software vendors will be essential to maintain compliance, streamline development, and ensure continuous protection throughout the vehicle's operational lifespan. Effective coordination across the supply chain, supported by standardized frameworks, shared threat intelligence, and interoperable toolchains, will be critical to managing risk and enabling secure innovation at scale.