The Barr Group’s latest survey results from embedded programmers reveal some interesting statistics about safety and security in current development. I have taken a closer look at the results and a couple stand out. The average experience of the respondents was 15.9 years.
The results from the question about primary security concerns (Fig. 1) indicate that product tampering, cloning, and theft of IP are high on the corporate priority list. These are important issues, but they do seem to play second fiddle to customer-related concerns highlighted in orange, such as injury and death.
The problem is that developers have a finite amount of resources, and protections against cloning and IP theft can, but do not always, help improve a product’s overall safety and security. The bigger question is whether companies limit their security support to only addressing these types of issues.
The other aspect that jumped out at me was code-standard enforcement (Fig. 2). Only a small fraction utilize fully or partly automated compliance. Code reviews and voluntary compliance made up the bulk of the responses. I do find code reviews useful, but they are better used for finding architectural bugs. Software tends to do a better job at finding compliance issues. The usual reason for coding standards is to reduce errors due to improper usage of tools. Unfortunately, C remains the dominant embedded tool, and C allows a programmer to easily make mistakes that automated tools can catch.
No survey can capture all the nuances of engineers, but it is definitely worth looking at the details of what the Barr Group has come up with.