Software Defined Vehicles
Quality, safety, and security
Navigating the software-defined vehicle revolution
The software-defined vehicle (SDV) is transforming how the automotive industry creates value. OEMs and suppliers must adapt their strategies and development processes to meet new demands for quality, safety, and security.
The fact that the automotive technology of the future will be primarily determined by software is an unstoppable process that automotive manufacturers and their suppliers are fully aware of. Nevertheless, they come from a hardware-driven world, and the transition from traditional vehicle architectures and fully software-defined approaches poses real challenges on several levels.
From Domain ECUs to Centralized SDV Architectures
Firstly, organizations must shift from domain-centric ECUs to centralized compute platforms. This requires decoupling legacy software from specialized control units. And with safety and security having very different requirements to the wide range of automotive applications, developers also need to ensure real-time safety and the integration of isolated containerized functions with mixed criticality, from infotainment to safety, and ADAS.
This transformation requires more than just technical changes, it also demands structural and cultural changes. Development processes and organizational structures must be adapted to support integrated software architectures for faster iteration and cross-domain coordination.
From V-Cycle to DevOps: Modern Processes for SDV Engineering
A shift in thinking is also necessary regarding over-the-air (OTA) updates, with developers having to experiment beyond infotainment applications. They need to expand their horizon and think about secure software updates in safety-critical fields such as ADAS and powertrain.
The development of SDVs also impacts the workflows and processes of engineering teams. For faster iteration, continuous integration, and more flexible software updates, they need to pilot and adopt DevOps and Agile methods. However, this must not be at the expense of validation and traceability required for functional safety standards.
Leading OEMs are already in the middle of this transformation process: they are setting up internal software teams and developing their own software platforms, such as Volkswagen’s CARIAD building the VW.OS, Mercedes-Benz with MB.OS, or Woven by Toyota with Arene OS. But many still rely heavily on external suppliers. This means that the level of maturity varies considerably between regions and product lines.
Why Legacy ECUs Limit SDV Performance and Updatability
All OEMs and Tier 1 suppliers are mostly facing the same challenges in their transition to software-defined vehicles. The legacy automotive architecture remains a major bottleneck. Distributed ECUs make system-wide updates, optimizations, and cross-functional communication difficult. This is due to limited interoperability of newer software on outdated CAN-based networks. Furthermore, limitations in memory, processing power, and bandwidth restrict software reusability and the ability to extend functionality across the vehicle.
How Unified Software Architectures Accelerate SDV Innovation
The lack of a unified software architecture that goes beyond limited standards like AUTOSAR or middleware protocols such as DDS (Data Distribution Service) and SOME/IP (Scalable service-Oriented Middleware over IP) has led OEMs to developing proprietary stacks, which drives up costs and reduces supplier flexibility. This lack of consensus across the industry makes the integration of third-party software (e.g., for navigation, voice control, connectivity) slow, risky, and less scalable across vehicle platforms.
When Hardware-First Processes Collide with SDV Reality
Another major challenge is the organizational misalignment, as the traditional hardware-centric development models clash with the faster, iterative nature of modern software development practices. Isolated teams and rigid processes create friction between hardware, safety, and cybersecurity requirements, while the transition from waterfall to agile or hybrid methods is especially complex in large, compliance-driven organizations.
Building SDV Teams with Embedded, Cloud and AI Expertise
Added to this is the problem of a shortage of talented developers skilled in embedded systems and experienced in working with DevOps, cloud-native, and AI/ML technologies. This is worsened by the lack of toolchains that are capable of large-scale versioning, simulation, and debugging, which means that teams are often forced to cobble together solutions that are inefficient and difficult to integrate.
SDV Compliance in Practice: ISO 26262 and ISO/SAE 21434
Finally, the complexity of compliance and certification remains to be a challenge in SDV development. Meeting functional safety (ISO 26262) and security (ISO/SAE 21434) standards becomes challenging when software is modular and reused. Continuous integration/deployment (CI/CD) practices are difficult to align with strict traceability and audit requirements, and frequent re-certification of safety-critical components slows down innovation.
First Steps Toward Modern SDV Architectures
However, OEMs and Tier 1 suppliers are actively working to address the challenges of SDV development by fundamentally changing architectures and processes.
A key step is the adoption of centralized compute and zonal architectures to consolidate ECUs into fewer, more powerful units, enabling easier software updates and more efficient resource allocation. Zonal architectures also reduce wiring complexity and support modular scaling of hardware and software across different vehicle models.
These new architectures require dedicated SDV OS and middleware. Software-defined vehicles rely on real-time-capable operating systems that support over-the-air updates, cybersecurity, and deterministic behavior. Middleware further enables hardware abstraction in heterogenous hardware and efficient, service-oriented communication across zones, domains, and cloud-connected components.
How Containers and Virtualization Enable Flexible SDV Software
To better manage the different applications, development teams work with containerization and virtualization. Docker-like containers which have been adapted for embedded systems help them to isolate software modules. With partitioned environments and hypervisors, they can securely run real-time and non-real-time functions on shared hardware without interference.
This approach aligns closely with the rise of DevOps-inspired workflows in SDV development. These include building CI/CD pipelines tailored for embedded systems, incorporating simulation, static analysis, and hardware-in-the-loop testing. Teams are also adopting infrastructure-as-code principles to automate hardware configuration, testing, and validation processes.
Building on containerization and DevOps practices, unified development platforms enable cross-functional teams to collaborate more effectively using unified development platforms with version control, unit testing, and collaborative debugging. Some OEMs and Tier 1s are also adopting digital twins to accelerate testing cycles and support continuous validation throughout the development process.
From Manual Audits to Automated Compliance for SDVs
These initial approaches to embedded software development for SDVs are already widely used by leading automotive companies. However, there are some advanced strategies that increase development efficiency, accelerate processes and keep costs under control.
One such solution is automated compliance tooling. These tools integrate checks for MISRA-C compliance, security scanning, and traceability mapping directly into CI pipelines. For example, static analysis tools like IAR C STAT can perform automated MISRA C, CERT-C/C++, and CWE checks on every build. This reduces manual re-certification and ensures safer, faster iteration in safety-critical environments.
Reusable Software Platforms as SDV Productivity Boosters
Modular, reusable software components are another promising strategy. By building code that can be used across different models and platforms, OEMs and suppliers can streamline development and reduce duplication. Industry-proven tool chains such as IAR Embedded Workbench and tools such as IAR Visual State provide efficient support in the development workflow.
To make this reuse effective at scale, cross-domain collaboration platforms can be introduced. These allow hardware, software, system engineering, and security teams to work in parallel using shared models such as SysML or model-based systems, reducing development friction and improving alignment. Many companies adopt integrated development platforms, such as the IAR Embedded Platform, which brings together IAR Embedded Workbench, IAR Build Tools, IAR Visual State, IAR C-STAT, and IAR C-RUN, while also ensuring functional safety across various architectures. These unified environments support shared version control, unit testing, and collaborative debugging across teams.
How Modern Toolchains Raise SDV Quality and Security Standards
Tool suites like that also support containerized builds and cloud-ready CI/CD, enabling scalable simulation and testing environments, such as cloud-based hardware-in-the-loop (HIL) and software-in-the-loop (SIL) setups, while IAR’s runtime analysis tools C RUN help detect errors in simulated and hardware environments. This kind of setup reduces the dependency on physical test benches and enables large-scale validation, including AI-driven scenario generation for edge cases and failure modes.
For introducing embedded security, OEMs and Tier 1 suppliers often rely on specialized tools, that do not require specialized encryption expertise and even allow the late-stage integration of security features. IAR offers Embedded Trust, a secure-boot and firmware-signing solution with anti-rollback and software integrity enforcement. Combined with Embedded Secure IP and Secure Deploy, it protects the customer’s IP and ensures secure OTA deployment, all seamlessly integrated into the development toolchain.
All measures to ensure software quality, also serve the supreme discipline in software development: the unified security strategy which takes a proactive, lifecycle-based approach to cybersecurity, starting from bootloader protection and extending to OTA patching. This strategy oversees that safety and security requirements are integrated without compromising functional isolation or real-time performance.
IAR’s flexible platform ensures compliance, and optimizes workflows for SDV development (source: iar.com)
Next Steps for OEMs on the Road to Software-Defined Vehicles
The software-defined vehicle revolution is not just about putting more software into cars. It rather marks a fundamental shift in how vehicles are engineered, updated, and experienced, demanding new strategies for quality, safety, and security across the entire development process. To succeed, OEMs and suppliers must change their mindset from vehicle development to software product lifecycle management. They must invest in toolchain modernization, even if they only do it step by step. These companies also need to build a culture where security, safety, and agility are considered priorities, not trade-offs. The transformation is complex, but with the right platforms, processes, and partnerships in place, the automotive industry is well on its way to unlocking the full potential of the software-defined vehicle of the future.
The authors
Changjiang Duan is a Field Application Engineer at IAR in Shenzhen. He previously worked as automotive embedded software engineer at Johnson Electric and Valeo before joining IAR. He holds a M.S. in Electrical Engineering and specializes in automotive ECU embedded software development.
Rafael Taubinger is the Global Product Marketing Manager at IAR in Sweden, with over 20 years in the embedded industry. He previously held positions as Global FAE Manager and Senior FAE at IAR. He holds a B.S. in Electrical Engineering and an M.B.A in Business Management.
