Use of Third-Party Code Contributing to Security Challenges, Yet Still Projected to Increase by at Least 20% in Major Embedded Sectors
GrammaTech, Inc., a leading maker of tools that improve and accelerate embedded software development, today released new sponsored research from VDC detailing the growing challenges faced by embedded developers. The report, Software Quality and Security Challenges from Rapid Rise of Third-Party Code, highlights the delivery challenges of producing high-quality code and the reasons why more embedded teams are using third-party code to meet delivery dates, despite the challenges and potential security vulnerabilities such code may cause.
“According to our research, over 40% of embedded engineers report their projects are running behind schedule – as a result, we are seeing significant growth in the use of open-source code and third-party code, as teams try to catch up with slipping delivery dates,” said Andre Girard, Senior Analyst at VDC. “Developers lack access to third-party commercial source code, creating dangerous quality and security blind spots if the third-party binaries aren’t analyzed.”
According to many developers surveyed by VDC, the use of commercial third-party code is expected to increase across all major industries; survey findings indicated that 40.5% of respondents in medical device manufacturing, 28.6% in aerospace and defense, and 22.2% in auto and rail expected to see an increase in commercial third-party code. When development teams don’t have access to the source of such third-party code, they cannot use standard static source code analysis to find defects in those components. Binary code analysis allows developers to eliminate this blind spot – it performs an analysis on the binary of a given code base, providing reports on parts of their code that would otherwise remain a mystery.
“To meet the tight delivery timelines that embedded teams face and protect against the myriad of cyber-attacks that continue to proliferate, developers need tools that are capable of analyzing their entire code base, not just the code they have the source for,” said Paul Anderson, Vice President of Engineering at GrammaTech. “Adding binary analysis to CodeSonar was a clear next step in the vision to provide developers with a complete static analysis solution.”
In addition to the growing use of commercial third-party code, VDC researchers also found that the size of embedded code bases is growing at roughly twice the speed of the embedded developer community, underscoring the importance of a robust automated testing suite. “Companies simply cannot keep pace with the demand for innovation in the embedded space with developers alone,” added Girard. “To scale to meet the quality and security challenges of rapidly-expanding embedded code bases, teams need an arsenal of tools, including static binary analysis.”
Increasing the use of third-party code can help embedded development teams accelerate their time-to-market in industries such as medical devices, aerospace, and transportation where software capabilities are key drivers of innovation and competitive advantage. To learn more about how to safely use commercial third-party code in your embedded system, download VDC’s latest research report: Software Quality and Security Challenges from Rapid Rise of Third-Party Code.