As embedded systems engineers, we’re conditioned to think of safety in terms of machines that can kill or injure, such as automobiles and medical devices. And we think of security in terms of devices that handle sensitive data, such as credit card readers and smartphones. However, in this age of IoT, with the ever-increasing number and types of devices under embedded software control, this view must change.
The simple fact is that with the explosive growth in connected devices, the concept of safety and security must be expanded. Limited attention to safety and security on any device design exposes that device and its designer to significant liability. Over the past few years, far too many embedded engineering teams haven’t paid enough attention, assigning either no one or just one or two engineers to safety and security issues.
Safety and security are in our DNA at Barr Group. We believe that every embedded engineer must be educated on safety and security awareness, from the systems architects and engineers to the electronics engineers to the firmware engineers. For years we’ve been making this argument, but the industry needs more objective data on safety and security. For this reason, we recently launched our comprehensive Embedded Systems Safety and Security Survey.
To get as objective a result as possible, we aimed for a strong demographic mix. This has paid off with more than 2,500 qualified respondents, with participants well distributed throughout Europe, Asia, and the Americas. As well, all of the respondents are currently involved in embedded device design projects within companies and teams of various sizes, and at least 10 different industry segments have generated high response rates.
As I write this a few weeks before Embedded World, results are still preliminary. I will be sharing more results at the show, but for now, early data shows certain trends:
· Management values time-to-market most. While safety/reliability is relatively more important than security across the respondent base, schedule pressure is most important.
· One-fourth of current design projects incorporate 4+ processors/cores, creating greater complexity and a challenge to maintaining reliability and security.
· About a half of embedded software projects incorporate no static analysis. This is quite surprising and concerning, given the plethora of readily available static analysis tools.
As we complete our analysis of the results, we hope to answer more probing questions, such as:
· What’s the correlation between devices that can kill or injure and design teams’ use of static analysis, code reviews, and coding standards?
· How do design teams differ across the world? For instance, do engineers in Europe place more or less emphasis on security and safety than the rest of the world, or vice versa?
In addition, we’ll continue to crunch numbers in preparation for our free survey results webinar on March 8. We trust that these results will re-emphasize to engineering and corporate leaders that the state of safety and security in IoT needs to improve. Our ultimate concern is for better, safer, more secure software and systems that contribute to the ongoing safety of the expanding realm of the “machines” that touch us all.
For our part here at Barr Group, our continuing industry outreach of blogs, whitepapers, webinars, and training courses will be well informed by this survey. Ultimately, it’s our hope that the survey will provide an accurate understanding of engineers’ perspectives about safety and security so that we can hold up a mirror to the industry and help us all ask: Is this really what we should be prioritizing? Is this really how we want to focus our businesses? Is this really what’s best for our overall economy and collective future?
Andrew Girson is the cofounder of Barr Group and has more than 20 years of experience in the embedded systems industry, first as a senior embedded software engineer and subsequently in executive roles as a CTO, VP of sales and marketing, and CEO. He holds BS and MS degrees in Electrical Engineering from the University of Virginia.