Zenseact develops software for advanced driver assistance systems (ADAS) and autonomous driving, with traffic safety at the core of its operations. Zenseact works closely with vehicle development, where high demands are placed on quality, reliability, and safety. The software being developed is safety-critical and is used in products that must function in complex, real-world traffic environments.
With increasing connectivity, more complex systems, and a growing regulatory framework, the need for a more structured, integrated approach to cybersecurity has become clear. To meet these demands, Zenseact initiated a consulting assignment with Devies Cybersecurity+, focusing on strengthening both product and development security in a practical manner closely aligned with their core operations.
Assignment
Zenseact’s challenge was to manage cybersecurity as a natural and integrated part of developing safety-critical software—without slowing down the pace of development or creating unnecessary administrative complexity.
The needs included:
- Translating requirements from standards, regulations, and internal governance models into practical, functioning processes.
- Creating a clear structure, traceability, and accountability throughout the entire product lifecycle.
- Ensuring regulatory compliance and robustness in both products and development processes.
- Building a long-term approach to cybersecurity that works in everyday operations and is adapted to Zenseact’s existing ways of working.
The mission for Devies Cybersecurity+ was to support Zenseact in establishing and further developing these capabilities through a close and practical collaboration.
Solution
The work was carried out as a long-term consulting assignment where Devies Cybersecurity+ worked closely with Zenseact’s team. The focus was on integrating cybersecurity into the daily development work rather than introducing parallel or standalone processes.
"Collaborating with Zenseact has been both educational and inspiring. Their technical expertise and strong drive make it easy to work together, and we have been able to contribute our experience in cybersecurity while learning a lot from their way of working ourselves,"
The work encompassed both strategic and operational efforts, where security requirements, risk management, and regulatory compliance were translated into concrete practices that fit within Zenseact’s development environment. Through continuous dialogue and coordination between teams, they ensured that safety-critical decisions were made with the right foundational data and in the correct forums.
Results
The collaboration has resulted in a more structured and future-proof approach to cybersecurity, where security is an integrated part of both product development and the broader organization.
Governance & Compliance
- Establishment and implementation of Product Cybersecurity processes
- Development of security policies
- Documentation and reporting for regulatory compliance
- Support in producing audit evidence
- Development of cybersecurity cases for Zenseact customer
Risk Management
- Threat Modelling
- Adaptation of internal processes for requirements management and risk analyses for cloud platforms and applications
- Translation of cybersecurity requirements into actionable development tasks
DevSecOps
Implementation, hosting, and CI/CD pipeline integration of a vulnerability and dependency tracking solution (SBOM)
Operations & Organization
- Incident response processes
- Training and establishment of cybersecurity champions
The result is a workflow that strengthens regulatory compliance, technical robustness, and long-term sustainability—without compromising the pace of development or capacity for innovation.
