Software Assurance            Software Hardening            Autonomic Computing

New VDC Research Finds 40% of Embedded Developers Report Projects are Behind Schedule

Use of Third-Party Code Contributing to Security Challenges, Yet Still Projected to Increase by at Least 20% in Major Embedded Sectors

ITHACA, NY – GrammaTech, Inc., a leading maker of tools that improve and accelerate embedded software development, today released new sponsored research from VDC detailing the growing challenges faced by embedded developers. The report, Software Quality and Security Challenges from Rapid Rise of Third-Party Code, highlights the delivery challenges of producing high quality code, and the reasons why more embedded teams are using third-party code to meet delivery dates despite the challenges and potential security vulnerabilities such code may cause.

"According to our research, over 40% of embedded engineers report their projects are running behind schedule – as a result, we are seeing significant growth in the use of open-source code and third-party code, as teams try to catch up with slipping delivery dates," said Andre Girard, Senior Analyst at VDC. "Developers lack access to third-party commercial source code, creating dangerous quality and security blind spots if the third-party binaries aren't analyzed."

According to many developers surveyed by VDC, the use of commercial third-party code is expected to increase across all major industries; survey findings indicated that 40.5% of respondents in medical device manufacturing, 28.6% in aerospace and defense, and 22.2% in auto and rail expected to see an increase in commercial third-party code. When development teams don’t have access to the source of such third-party code, they cannot use standard static source code analysis to find defects in those components. Binary code analysis allows developers to eliminate this blind spot – it performs an analysis on the binary of a given code base, providing reports on parts of their code that would otherwise remain a mystery.

"To meet the tight delivery timelines that embedded teams face and protect against the myriad of cyber-attacks that continue to proliferate, developers need tools that are capable of analyzing their entire code base, not just the code they have the source for," said Paul Anderson, Vice President of Engineering at GrammaTech. "Adding binary analysis to CodeSonar was a clear next step in the vision to provide developers with a complete static analysis solution."

In addition to the growing use of commercial third-party code, VDC researchers also found that the size of embedded code bases is growing at roughly twice the speed of the embedded developer community, underscoring the importance of a robust automated testing suite. "Companies simply cannot keep pace with the demand for innovation in the embedded space with developers alone," added Girard. "To scale to meet the quality and security challenges of rapidly-expanding embedded code bases, teams need an arsenal of tools, including static binary analysis."

Increasing the use of third-party code can help embedded development teams accelerate their time-to-market in industries such as medical devices, aerospace, and transportation where software capabilities are key drivers of innovation and competitive advantage. To learn more about how to safely use commercial third-party code in your embedded system, download VDC’s latest research report: Software Quality and Security Challenges from Rapid Rise of Third-Party Code.

About GrammaTech:
GrammaTech tools are used by software developers worldwide, spanning a myriad of embedded software industries including avionics, government, medical, military, industrial control, and other applications where reliability and security are paramount. Originally developed within Cornell University, GrammaTech is now a leading research center for software security and a commercial vendor of software-assurance tools and advanced cyber-security solutions. With both static and dynamic analysis tools that analyze source code as well as binary executables, GrammaTech continues to advance the science of superior software analysis, providing technology for developers to produce safer software.

About VDC:
VDC has been covering the embedded systems market since 1994 and the use of lifecycle management solutions since 2000. Data supporting discussions in this paper is based on findings from VDC’s most recent Software and System Development Survey. This survey collects input from more than 500 engineers across the globe and is used within a series of reports produced by VDC in 2014. The respondents are directly involved in software and systems development across a range of industries including automotive, aerospace and defense, telecommunications, medical, industrial automation, and consumer electronics, among others.