October 11, 2016
A subhead in the paper from today’s Check it Out link grabbed me: Security is a process, not a feature. Let me explain.
Basically, the Internet of Things (IoT) means everything is enlivened with digital smarts and communications links: power grids, cars, appliances, smartphones, factory systems, pacemakers, etc. Most devices operate and communicate with other devices autonomously. The ubiquity of embedded code will continue to grow exponentially, and all that code is vulnerable to bugs and hackers alike. “How IoT Is Making Security Imperative for All Embedded Software,” a paper from Programming Research Ltd. (PRQA), lays out the security weaknesses in embedded code development processes and how you can minimize software defects that can spell trouble if not disaster.
Two main points carry this paper. First, the press of deadlines and, frankly, the old way of developing embedded code has left IoT devices open to embarrassing and expensive bugs; and not just bugs exploitable by hackers.
We’re talking about bugs leading to field failures and plagues of lawyers, scrap and redesign. Plus bugs sneaking by during mind-numbing manual reviews of millions of lines of code. Bugs that violate the very coding standards and guidelines meant to improve the security of embedded software, such as the CWE (Common Weakness Enumeration) database project and the CERT C coding standard.
Second, security must be incorporated in your software development processes early and often. The paper argues that a type of analytical software tool called Static Analysis holds the key to achieving that end.
Static Analysis software is intended to help you identify and squash bugs as well as fix standards violations that can make embedded code insecure. Like integrated mechanical design analysis tools, it works from your earliest development stages and integrates into your workflows without fuss. Before you compile or test code and lock in expensive late-cycle or aftermarket repair costs, it can detect vital security issues and vulnerabilities as well as provide the feedback you need to make corrections. In doing so, Static Analysis can help reduce development costs and quicken development cycles.
“How IoT Is Making Security Imperative for All Embedded Software” is a sober yet ultimately hopeful read. If your outfit has anything to do with embedded code development or incorporating pre-coded systems into your IoT products, it’s a must-read. Hit today’s Check it Out link and download your complimentary copy.
Thanks, Pal. – Lockwood
Anthony J. Lockwood
Editor at Large, DE