I am looking for suggestions for legitimate pen testing service providers for an embedded automotive application (black box and/or white box). Need someone that is familiar with embedded RTOS devices, UDS Services, CAN FD & Flexray scom., board level attacks, etc.
My searches have yielded very few legitimate options. Process / Deliverables should include (at a minimum) Security Architecture Review, Information Gathering, Passive Analysis, Active Analysis, and a complete report.
Any suggestions would be appreciated.