With the development of the "new four modernizations" of automobiles, automotive software is updated and iterated frequently. The traditional offline upgrade function can no longer meet the needs of users and automakers. Therefore, it is necessary to develop the over-the-air (OTA) upgrade function for automobiles. Through OTA upgrades, car manufacturers can push new features to vehicles in real time and continuously optimize the user product experience. However, the OTA upgrade process involves data interaction among multiple links such as the vehicle end, cloud, and communication links, exposing the vehicle to the risk of cyber attacks. This article systematically introduces the information security response solutions in the development of OTA functions for commercial vehicles from four dimensions: upgrade package security, vehicle-cloud link security, vehicle-end secure storage, and security monitoring and emergency response, providing technical references for the secure implementation of OTA in commercial vehicles.