Electronic Design
Q&A: Barr Group Weighs in on Embedded Industry Concerns, Training Needs

Q&A: Barr Group Weighs in on Embedded Industry Concerns, Training Needs

Technology Editor Bill Wong talks with Barr Group’s CEO Andrew Girson about concerns he’s seeing in the embedded industry, how they are addressing these issues, and a peek at November training in Germany.

Download this article in .PDF format
This file type includes high resolution graphics and schematics when applicable.
Andrew Girson, Co-Founder and CEO, Barr Group

By providing guidance through training and consulting services, the Barr Group helps engineers and software-development teams build safe, reliable, and secure products. I had a chance to talk with Barr Group’s CEO Andrew Girson about what issues he’s seeing unfold in the embedded industry.

Wong: What are the biggest concerns you’re seeing from people and companies in the embedded industry?

Girson: Of the areas where Barr Group has particularly strong ties, specifically safety and security for embedded software, we see more interest and concern about safety right now. It appears to be easier to make the case to corporate management that time invested in making software safer is worth it. Yet, security seems to be a harder sell, most likely because security is not a feature that is demanded by the majority of device customers.

Notwithstanding the horror stories we hear in the media about cybersecurity breaches, it is often still an uphill battle for engineering teams to convince management to invest in security. Part of the reason for this is that security is such an open-ended topic. We see lots of companies struggle with determining an appropriate investment in embedded software security, and this often causes paralysis or a dismissive attitude toward security. This is changing, but not quickly enough.

Wong: As an independent training and consulting firm, what are your areas of expertise? What does Barr Group offer the embedded developer community that’s different than what’s available from other courses, workshops, and education offerings?

Girson: At Barr Group, we specifically focus on the safety, security, and reliability of embedded systems software — from the engineer’s perspective, not the vendor’s perspective. Our goal is to educate on best practices for the embedded software engineer. While we utilize third-party development kits and software tools in our training courses, we choose these tools based only on quality and education potential. We use these tools only as a means to an end—and that end is to teach engineers and teams how to create embedded software that is free of defects and highly maintainable.

Wong: Can you give me an example of your product development services? Do you specialize in one area or cover the entire development process? What qualifications do your team members bring?

Girson: Our expertise is primarily in embedded software architecture and process for secure and safety-critical devices. Typical customers are creating medical devices, vehicles, and other devices where safety and security are important. We provide consulting services to any company desiring to create better, more maintainable embedded software. This includes companies within the embedded silicon and tools market, as these companies are realizing that the quality of the software that they provide with their mainline products is more important than ever.

As an example, we do a lot of architectural analysis at the embedded software level, assisting development teams in creating architectures that are extensible, future-proof, and maintainable. We also do security analysis for many devices, evaluating the ability of the embedded software system to prevent hackers from penetrating and compromising the system, and making recommendations on security improvements.

Wong: I see that “firmware defect prevention” and “software best practices” are covered in your courses. Do you have any sense of what the most common causes of systems failure are? And are you seeing areas or industries that require more scrutiny when it comes to software quality?

Girson: Preventing software defects is a huge focus for Barr Group, and is a common theme in all of our training courses. All industries need high-quality embedded software, but those where human lives are at stake—such as aerospace, automotive, and medical devices—are key targets for our courses.

I wouldn’t say there is a typical cause of system or software failures, but certainly, we emphasize upstream proactive techniques and downstream techniques as well as individual- and team-based techniques to prevent defects. In the Firmware Defect Prevention for Safety-Critical Systems course, we teach upstream techniques that can be implemented by the proactive engineer and team. The techniques taught include the use of coding standards, static analysis, and code reviews.

Wong: What specific skills do engineering teams need that will help them prevent software failures in the future? What tips do you give them?

Girson: Forward-thinking organizations are investing more upfront in coding standards, code reviews, static analysis, and other activities that ensure code is properly vetted early in the process. Teams also can benefit from a more detailed understanding of embedded software architecture and how to choose or design an architecture that is not under- or over-specified. Yet, patience and discipline are also key general attributes of a good embedded software engineering team. Managers and executives must realize that creating high-quality software takes time and effort, which is almost always rewarded with the discovery of fewer costly downstream errors.

Wong: Security is a topic of growing importance in the embedded industry. How can embedded-systems designers prevent vulnerabilities and detect common software attacks?

Girson: You’re right, security is growing in importance, and safety and security are highly intertwined. Security is a huge challenge, because it is essentially an open-ended arms race with the bad guys. Embedded-systems designers can benefit from a variety of key lessons, including how to perform threat assessments and security analyses, identifying the top 10 software vulnerabilities, leveraging proper development processes to increase security, and using cryptography and other techniques to secure data-at-rest and data-in-motion.

Barr Group’s upcoming training calendar, including the company’s first training courses beginning November 9 in Germany, can be found at www.barrgroup.com/Training-Calendar.

TAGS: Interviews
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish