Software Process Improvement Capability Determination, or SPICE (ISO/IEC 15504, ISO/IEC 33000), is a widely used industry standard for assessing the processes of software development and management, with an emphasis on the capability for continuous improvement. Developed jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), the primary goal of the standard is to help software development task forces and organizations improve the process of their projects. Although SPICE is used for evaluating software development processes in general, several adjusted and extended versions of SPICE have been established to fit the needs of different industries. One of them is ASPICE (Automotive SPICE). As automobiles become increasingly software-oriented, ASPICE is quickly gaining attention in the automotive industry. Many automotive software providers are adopting ASPICE as an assessment standard to improve the quality and efficiency of their software development processes.
The Assessment Framework
Unlike many technical protocols, ASPICE does not define the software development process step by step, but instead lists what practices should be done and what goals should be achieved. This makes the standard applicable to a wide range of software suppliers and development processes, allowing them to carve out a process that best fits their environment.
After undergoing ASPICE assessments, the tested projects are given a rating based on their capability level (CL). A total of six capability levels are included in the assessment framework:
Level 0: Incomplete Process – missing components in the software development process
Level 1: Performed Process – all components are performed, and results are achieved
Level 2: Managed Process – all components are planned, performed, and managed
Level 3: Established Process – process is implemented based on well-established standards across the organization
Level 4: Predictable Process – process is implemented consistently, and results are predictable
Level 5: Optimizing Process – process is consistent, predictable, and continuously improved
Across the six levels, organizations that achieve capability levels 2 and 3 are generally considered to have good software development practices, while those achieving levels 4 and 5 are seen as having exceptional capabilities. Not only does this rating system provide helpful insights during self-evaluation, but organizations can also acquire ASPICE certifications by having ASPICE-certified independent parties conduct audits of their software development processes.
For instance, AUTOCRYPT’s new in-vehicle systems security solution, AutoCrypt IVS-TEE, received ASPICE CL 2 certification prior to its initial launch in January 2023. IVS-TEE secures embedded automotive systems by constructing trusted execution environments (TEE), making it one of the first TEE-based security platforms in the automotive industry.
The Assessment Criteria
What are the evaluation criteria that determine the capability levels of an assessment target? To evaluate a process, ASPICE uses the following nine process attributes:
1.1 Process performance
2.1 Performance management
2.2 Work product management
3.1 Process definition
3.2 Process deployment
4.1 Process measurement
4.2 Process control
5.1 Process innovation
5.2 Process optimization
Each of the above attributes is evaluated using a four-point scale, commonly known as the N-P-L-F scale:
N (not achieved): 0-15%
P (partially achieved): 15-50%
L (largely achieved): 50-85%
F (fully achieved): 85-100%
More detailed guidelines are provided in ASPICE on how to evaluate each attribute, making the assessment results both objective and accurate.
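The sketch below is an added example, not code from ASPICE or AUTOCRYPT. It turns per-attribute achievement percentages into N-P-L-F ratings and derives a capability level for one process. The handling of the shared band boundaries (15, 50, 85) and the level rule (a level's own attributes at least L, all lower-level attributes F) follow ISO/IEC 33020 and are assumptions, since the page gives only the percentage bands.

```python
# Added example: N-P-L-F rating and capability-level derivation.
# Boundary handling and the level rule follow ISO/IEC 33020 and are
# assumptions here; the page states only the percentage bands.

# Process attributes grouped by the capability level they belong to.
ATTRIBUTES = {
    1: ["1.1"],
    2: ["2.1", "2.2"],
    3: ["3.1", "3.2"],
    4: ["4.1", "4.2"],
    5: ["5.1", "5.2"],
}

def rate(percent):
    """Map an achievement percentage to N, P, L or F."""
    if not 0 <= percent <= 100:
        raise ValueError(f"achievement out of range: {percent}")
    if percent <= 15:
        return "N"
    if percent <= 50:
        return "P"
    if percent <= 85:
        return "L"
    return "F"

def capability_level(achievement):
    """Return (level, ratings) for one process.

    achievement maps attribute id -> percent; a missing attribute counts as 0.
    Level n is reached when its own attributes are rated at least L and
    every attribute of the levels below is rated F.
    """
    ratings = {pa: rate(achievement.get(pa, 0))
               for pas in ATTRIBUTES.values() for pa in pas}
    level = 0
    for n in sorted(ATTRIBUTES):
        own_ok = all(ratings[pa] in ("L", "F") for pa in ATTRIBUTES[n])
        lower_ok = all(ratings[pa] == "F"
                       for m in range(1, n) for pa in ATTRIBUTES[m])
        if not (own_ok and lower_ok):
            break
        level = n
    return level, ratings

# Constructed sample: PA 1.1 is only largely achieved, so the process
# stays at level 1 even though both level-2 attributes are rated F.
SAMPLE = {"1.1": 80, "2.1": 90, "2.2": 95, "3.1": 60}
```
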
The Importance of ASPICE for the Automotive Software Supply Chain
Unlike legally binding regulations such as WP.29 (UN R155/156), ASPICE serves less as a regulation and more as a toolkit that helps all parties in the automotive software supply chain. Suppliers can use ASPICE to gain a clear understanding of their software development processes and improve based on the results, whereas ASPICE certifications can help buyers make more informed purchase decisions for software products.
As the software-centric automotive supply chain starts to take shape, the quality and safety of a vehicle are now defined by its software features instead of hardware performance. As such, many industry players are now adopting ASPICE for an accurate self-assessment of their software development processes, ensuring that the best practices are used to control the quality of embedded automotive software, improve the efficiency of product development, and achieve continuous improvement and long-term success.
Automotive software providers that adopt ASPICE have a competitive advantage as they can maintain a well-defined, streamlined process for software development. This helps them achieve predictable and reliable results while minimizing human errors.
From ASPICE to Software Security
Although ASPICE isn’t a cybersecurity standard per se, it does provide a solid foundation for software security and can be used to complement both cybersecurity and functional safety processes, including ISO/SAE 21434: Road Vehicles – Cybersecurity Engineering and ISO 26262: Road Vehicles – Functional Safety. Since many cybersecurity failures and safety-related recalls can be traced back to improper practice at the development stage, having a well-established and predictable software development process minimizes software vulnerabilities and development flaws.
AUTOCRYPT’s in-vehicle systems security solution, AutoCrypt IVS, also emphasizes the importance of analyzing flaws and vulnerabilities at the software development stage. In 2022, two new tools were introduced to aid this process: AutoCrypt Security Analyzer and Security Fuzzer. One uses SBOM-based software composition analysis to eliminate software vulnerabilities at the development stage, while the other uses smart fuzzing to generate semi-random test cases to search for development flaws.
Of course, ASPICE and vulnerability testing do not guarantee security throughout all stages of the vehicle lifecycle. This is why AUTOCRYPT also provides intrusion detection and protection (IDP), as well as a vehicle security operation center (vSOC) for continuous fleet monitoring.