Embedded systems experts at the Barr Group have uncovered alarming information about the state of embedded systems design. The group’s recent study, 2017 Embedded Systems Safety & Security Survey, reveals that a significant percentage of embedded systems designers are failing to place emphasis on the security and safety of their designs.
A surprising 28 percent of the 1,700+ qualified respondents indicated that the products they are designing are capable of causing injury or death in the event of a malfunction. Of these products, nearly half will always or sometimes be connected to the Internet. “Is it that hard to evaluate security and safety? Those who care about security must be larger than 28 percent,” Michael Barr, CTO of the Barr Group, told Design News. “The percentage of people who were concerned about security as a design was only 60% in the study.”
The Barr Group has conducted this study in previous years. Over time, the results have shown no improvement. Barr said he was surprised that the results haven’t changed. “This is our third year of doing the survey. The disturbing part is that the surprisingly bad news from the prior two years is getting repeated in this year’s results,” said Barr. “We asked identical questions. We didn’t find any trend that was significant. Unfortunately, the trend of malpractice among these respondents is potentially dangerous.”
The Path Toward Safer Systems
Barr, who will present a keynote talk on the topic of embedded safety and security at next month's Embedded Systems Conference in Boston, explained that the ability to improve safety and security is not a mystery to embedded systems engineers. In the Executive Survey that opened the printed results of the study, the Barr Group noted there is a large opportunity to easily improve the safety of embedded systems by more broadly using well-known software development best practices.
The study also pointed out that safety and security are not elevated in industries where poorly designed systems could potentially affect a high number of consumers. The results found that safety practices are not clearly better in the automotive industry than in the medical device industry, even though many more lives are at risk with automotive failures.
Barr himself is a recognized expert in embedded design for automotive. His testimony regarding software formed the backbone of a headline-grabbing Toyota unintended acceleration trial of 2013. Barr has also cautioned that when it comes to safety and autonomous vehicles, we need more informed oversight.
Best Practices Need to Be Heeded
One of the recommendations to come from the study is that broader use of software development best practices can provide an opportunity to better secure the vast numbers of internet-connected devices that are being developed. Yet best practices don’t help if safety and security are not on the designers' priority list. The study revealed that designers of a remarkably large number of potentially dangerous, connected embedded systems are ignoring security altogether.
Though it is widely known that connected products can be hacked, 22% of embedded systems engineers who work on connected