Probably not very happy. This may not have been an issue when you got your first VHS player, but it is an unavoidable consequence of the perpetual, ubiquitous connectivity of today’s embedded systems. Over 50% of respondents in VDC’s 2010 Software and System Development Survey indicated that they expected a project similar to their current one to include a web component within the next two years - a 20% increase over current project values.
Clearly, embedded system engineering no longer implies work on isolated, autonomous systems. Embedded engineering teams now need to be cognizant of potential security threats, in addition to mitigating possible deterministic, memory, and/or processing requirements.
Today, Wind River, a leading embedded operating system vendor, and McAfee, a leading security solution provider, announced a formal collaboration to develop a tightly integrated security solution for non-PC (embedded) devices. Although the announcement of this strategic partnership may not be a huge surprise since both companies are now subsidiaries of Intel, we believe that it addresses a growing gap in the marketplace.
Although our research indicates that a majority of engineers are at least acknowledging that security could be an issue for their current projects, the jury is still out on how best to ensure it. Runtime solutions, such as that suggested through Wind River and MacAfee or even a standalone hypervisor used to create a “securely” partitioned guest OS, are one approach; however, we believe that it is equally important for security to be “designed into” the application through the judicious implementation of development and coding standards combined with the use of automated test solutions, such as static analysis tools, to minimize the amount of vulnerable code that could possibly be deployed within an end device.
One thing is for certain, the evolution of embedded and mobile systems is already causing many embedded engineering firms to reevaluate their existing solution sets.
How has your company changed to address this growing issue?
Stay tuned - VDC will be covering embedded system security as part of our Safety and Security report from our 2011 Embedded Software and Tools Market Intelligence Service.