Your Take on Embedded Safety and Security
The curiosity-invoking results to date of a first-of-its-kind survey on safety- and security-aware embedded systems design.
Embedded device safety and security have become imperatives in this age of explosive IoT growth. Yet, confusion and misunderstanding surround the attitudes and opinions of the engineers who design the secure and safety-critical devices on which our infrastructure and economy depend. Because of Barr Group’s safety and security training focus, we felt it was necessary to develop a comprehensive survey as a “deep dive” gauge of engineers’ current beliefs about safety and security. Our core sample complements traditional vendor-centric and broad industry surveys and represents the first all-encompassing attempt to gain clarity on the state of safety- and security-aware embedded systems design.
Intriguing Early Trends
With over 2500 qualified responses from all over the world (and still counting as I write this), we are learning quite a bit about the state of safety and security in embedded devices. In the coming weeks, as we close out the survey and analyze the results, we will share this information openly with the entire industry, so we all can learn and improve on the safety and security of future embedded devices.
Based on initial examination, some intriguing early trends have appeared in the results:
- Safety/reliability are significantly more important than security, yet time-to-market and schedule pressure trump all. While this is somewhat to be expected, it should concern all of us who know that high-quality design requires proactive investment and cannot be compromised.
- Almost one-third of the products that will result from current design projects could injure or kill someone if the product malfunctioned. Clearly, safety-critical design matters.
- Almost two-thirds of the current design projects incorporate two or more processors/cores. This interesting finding demonstrates the complexity and challenge that designers have in maintaining reliability and security.
- C remains the language of choice for embedded devices. I don’t think anyone expected a different result, but the limitations of C have significant implications for quality, safety, and security.
- Most teams use formal version control and a bug-tracking system. Diligent use of these tools is essential for maintainability and quality.
- Most teams use coding standards, though the level of enforcement varies. Consistently enforced coding standards also enhance maintainability and quality.
- About one-third of embedded software projects incorporate almost no code review and about one-half use no static analysis tools. Given that investment in these proactive techniques and tools can result in a great reduction of costly downstream bugs and defects, this finding is rather concerning.
In preparation for our announcement of the comprehensive survey results at Embedded World 2016, we will be doing in-depth analysis of the results looking for the answers to much more probing questions, such as:
- What is the correlation between devices that can kill or injure and design teams that lag in the use of static analysis, code reviews, and coding standards?
- How do design teams in Asia, Europe, and the Americas differ in the importance they place on security and safety and in the use of proactive techniques to improve quality?
- Is there a relationship between the use of test-driven development (TDD) and heightened security awareness?
Demographics are critical to getting a well-balanced and statistically significant result. Because our respondent demographics are quite broad and varied, we expect to be able to delve into these and other more significant correlations. At present, survey demographics feature:
- More than 50% of the respondents are from outside of North America.
- More than 85% of the respondents (over 2500 responses) have real-world industry experience and are actively involved in embedded device design projects today.
- Company size and project size (in terms of people) are approximately evenly distributed from small to large companies and small to large teams.
- No single industry segment represents more than 20% of the results, and no fewer than 10 different segments had over 100 respondents each.
We hope that you will join us for our free webinar on March 8th, 2016, where we’ll present this data in much more detail. Our goal is to provide meaningful information about safety and security in embedded devices, so that we all can learn to do better. And for Barr Group, we will use the survey results to better focus our whitepapers, webinars, and other industry outreach so we can directly encourage and support improvement in safety and security for future embedded device designs.
Barr Group co-founder Andrew Girson has over 20 years of experience in the embedded systems industry, first as a senior embedded software engineer and subsequently in executive roles as a CTO, VP of Sales and Marketing, and CEO. He has led multiple companies to multi-year double-digit revenue and profitability growth rates while maintaining a distinctly technical focus on high-quality embedded, wireless, and handheld systems. Girson holds BS and MS degrees in Electrical Engineering from the University of Virginia.