Embedded developers using risky open-source code to fix schedules, say analysts
The sponsored research from VDC detailing the growing challenges faced by embedded developers comes in a report entitled “Software Quality and Security Challenges from Rapid Rise of Third-Party Code.” The report highlights the difficulty of delivering high-quality code on schedule, and the reasons why more embedded teams are turning to third-party code to meet delivery dates despite the quality challenges and potential security vulnerabilities such code may introduce.
“According to our research, over 40% of embedded engineers report their projects are running behind schedule – as a result, we are seeing significant growth in the use of open-source code and third-party code, as teams try to catch up with slipping delivery dates,” said Andre Girard, Senior Analyst at VDC. “Developers lack access to third-party commercial source code, creating dangerous quality and security blind spots if the third-party binaries aren’t analysed.”
According to the developers surveyed by VDC, the use of commercial third-party code is expected to increase across all major industries; survey findings indicated that 40.5% of respondents in medical device manufacturing, 28.6% in aerospace and defence, and 22.2% in automotive and rail expected to see an increase in commercial third-party code.
When development teams don’t have access to the source of such third-party code, they cannot use standard static source code analysis to find defects in those components. Binary code analysis lets developers close this blind spot: it analyses the compiled binary of a given component directly, producing reports on parts of the code base that would otherwise remain opaque.
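To make the idea of analysing a component without its source concrete, here is a small triage script added as an illustration; it is not GrammaTech or CodeSonar code and is far simpler than a real binary analyser. It runs a `strings`-style scan over the raw bytes of a binary and reports two things a reviewer of a vendor-supplied library would want to know: which commonly flagged unsafe libc routines it references, and which compiler hardening markers (stack protector, `_FORTIFY_SOURCE`) the linker left behind. The sample blob is constructed inline to stand in for a stripped shared object; the routine and marker lists are assumptions chosen for the example.

```python
"""Heuristic triage of a third-party binary for which no source is available.

Added illustration, not GrammaTech/CodeSonar code. It extracts printable
strings from the raw bytes (as the `strings` utility would) and matches whole
tokens against a blocklist of unsafe routines and a list of hardening markers.
"""
import re
from dataclasses import dataclass, field

# Assumed blocklist: libc routines that do no bounds checking on their output buffer.
UNSAFE_ROUTINES = {"gets", "strcpy", "strcat", "sprintf", "vsprintf", "scanf"}

# Assumed markers: symbols that only appear when the given hardening was compiled in.
HARDENING_MARKERS = {
    "__stack_chk_fail": "stack protector",
    "__strcpy_chk": "_FORTIFY_SOURCE",
    "__sprintf_chk": "_FORTIFY_SOURCE",
}


@dataclass
class TriageReport:
    unsafe: set[str] = field(default_factory=set)      # unsafe routines referenced
    hardening: set[str] = field(default_factory=set)   # hardening features detected


def extract_strings(blob: bytes, min_len: int = 4) -> list[str]:
    """Return every run of at least min_len printable ASCII bytes in blob."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]


def triage(blob: bytes) -> TriageReport:
    """Scan blob and report unsafe imports and hardening markers found."""
    report = TriageReport()
    for token in extract_strings(blob):
        # Names in a string table such as .dynstr are NUL-terminated, so each
        # symbol surfaces as its own token and can be compared exactly.
        if token in UNSAFE_ROUTINES:
            report.unsafe.add(token)
        if token in HARDENING_MARKERS:
            report.hardening.add(HARDENING_MARKERS[token])
    return report


def build_sample_blob() -> bytes:
    """Constructed stand-in for a stripped vendor library (not a real ELF).

    An ELF magic prefix, some non-printable padding, then a NUL-separated
    string table in the style of .dynstr, followed by more non-printable bytes.
    """
    names = [b"", b"libc.so.6", b"strcpy", b"memcpy",
             b"__stack_chk_fail", b"printf", b"gets"]
    return (b"\x7fELF" + b"\x00" * 12
            + b"\x00".join(names) + b"\x00"
            + bytes(range(0, 32)))


if __name__ == "__main__":
    result = triage(build_sample_blob())
    print("unsafe routines referenced:", sorted(result.unsafe))
    print("hardening detected:", sorted(result.hardening))
```

On a real file you would pass `open(path, "rb").read()` to `triage`; the string scan is deliberately format-agnostic so it works on ELF, PE and raw firmware images alike, at the cost of false positives when a symbol name also appears in ordinary string data. A proper binary analyser resolves the import table and follows control flow instead, which is what lets it report actual defects rather than the presence of a name.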
“To meet the tight delivery timelines that embedded teams face and protect against the myriad of cyber-attacks that continue to proliferate, developers need tools that are capable of analysing their entire code base, not just the code they have the source for,” said Paul Anderson, Vice President of Engineering at GrammaTech. “Adding binary analysis to CodeSonar was a clear next step in the vision to provide developers with a complete static analysis solution.”
In addition to the growing use of commercial third-party code, VDC researchers also found that the size of embedded code bases is growing at roughly twice the speed of the embedded developer community, underscoring the importance of a robust automated testing suite. “Companies simply cannot keep pace with the demand for innovation in the embedded space with developers alone,” added Girard. “To scale to meet the quality and security challenges of rapidly-expanding embedded code bases, teams need an arsenal of tools, including static binary analysis.”
Increasing the use of third-party code can help embedded development teams accelerate their time-to-market in industries such as medical devices, aerospace, and transportation, where software capabilities are key drivers of innovation and competitive advantage. Safe use of commercial third-party code in an embedded system is covered in the report, which can be downloaded from: https://www.grammatech.com/whitepapers/vdc-report-software-quality-security-challenges-growing-with-third-party-code
Originally developed within Cornell University, GrammaTech is now a research centre for software security and a commercial vendor of software-assurance tools and cyber-security solutions. With both static and dynamic analysis tools that analyse source code as well as binary executables, GrammaTech aims to advance the science of software analysis, providing technology for developers to produce safer software: www.grammatech.com
See also: Analysts VDC, www.vdcresearch.com