There’s no question: Security in the embedded world will continue to pose special challenges, especially as the world becomes increasingly interconnected. What does this mean for us? As I mentioned in my previous discussions (parts 1, 2, 3, 4), it’s important to know where the problems lie so we can prevent issues in the future.
To recap, the following four steps go a long way toward ensuring security:
1. Recognize where security breaches come from. Because security is not standardized for vertical markets, and there is no governing body overseeing security, the onus is on development teams and organizations to ensure their software is secure. We need to find a way to agree on an overarching security standard, one that is adaptable to vertical markets.
2. Establish quality processes. Development teams have a responsibility for establishing processes, and the good news is, there’s no need to re-invent the wheel. Industries such as automotive, industrial, medical, and aerospace already use software processes based on the V model development, defined by IEC 61508 and other similar standards. These processes – such as traceable test cases, coding standards, and dynamic and static code analysis – have yielded fantastic results.
3. Don’t forget about a life cycle. A software life cycle is vital because it specifies a set of steps from concept to release, and it introduces a process for change: As one element changes, there is someone in charge of what that change is going to affect.
4. Pay attention to system design. A well-thought-out system design is also crucial, and designers need to be more thorough than ever when designing secure software. For one thing, make sure your software can’t be modified or read by a third party. Also, ensure that your hardware operates solely with authenticated software and your new software releases only work with authentic hardware. As for your security component, make sure it focuses on security and nothing else.
Increased interconnectivity threatens user data in ways that were not imagined 10 years ago, and developers now need to be more vigilant. With a little extra investment and due diligence in the beginning, and by implementing processes that have already worked, we can diminish defects and security breaches, lower costs, and ensure a future of high-quality, reliable software.
I’d like to thank Embedded Computing Design for letting me contribute to this important discussion on security and welcome your additional thoughts on next steps.
Dave Hughes is the CEO and founder of HCC Embedded, a developer of re-usable embedded software components. Dave is a “hands-on” embedded specialist, who still actively contributes to the strategy and direction of HCC’s core technologies. His extensive experience has made him one of the industry’s leading authorities on fail-safe embedded systems, flash memory, and process-driven software methodologies. He is a graduate of the University of Sussex in England.