As the use of embedded software in devices spreads, the need to update that embedded software is growing. And so is the challenge for developers of identifying "latent" bugs. This is not just an IT operational consideration – in the age of Stuxnet it is also a security consideration. Static analysis of embedded software is one powerful tool for ensuring that the software does what it is supposed to do.
Embedded software in devices of all sorts is not new. It has been widely used in the automotive industry for a couple of decades now. But the fast-growing "Internet of things" means that devices with embedded software are more prevalent than ever before. Moreover, that software is now likely to go online: to report device status, to receive commands for the device, or to update the software itself.
This means that bugs in the software could have wider impact – including potential exploitation by cyber-attackers. Stuxnet, the software "worm" used to wreck thousands of centrifuges used by Iran's nuclear program, demonstrates how attackers could use flaws in embedded software.
As Chris Bubinas notes at the kloktalk blog, the development process for embedded software creates the potential for latent bugs to influence software behavior. Developers make wide use of "recycled" code. One study showed that 84 percent of embedded software developers used such code in their most recent projects.
Re-using code is highly efficient, but especially in embedded software it can have unexpected effects. The development cycle for embedded software is comparable to the hardware cycle, meaning that the recycled code may be running on hardware with changed properties. Upgraded processors are the most common example of such changes.
Compiler updates can also introduce subtle changes – especially if the code relied on subtle bugs in the older compiler.
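The processor-upgrade case described above, as an added example that is not from the original article: a timeout check that is correct where `int` is 16 bits and becomes a latent bug once the same source is rebuilt for a processor with a 32-bit `int`. The function names and the tick values are hypothetical, constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Recycled form. On the original 16-bit MCU, uint16_t is unsigned int, so
 * now - start wraps modulo 2^16 and the check survives counter rollover.
 * Where int is 32 bits, both operands are promoted to int first, the
 * difference goes negative after rollover, and the timeout never fires. */
bool expired_recycled(uint16_t now, uint16_t start, uint16_t timeout)
{
    return (now - start) >= timeout;
}

/* Width-independent form: the cast truncates the difference back to
 * 16 bits, restoring modulo-2^16 arithmetic on every target. */
bool expired_portable(uint16_t now, uint16_t start, uint16_t timeout)
{
    return (uint16_t)(now - start) >= timeout;
}

int main(void)
{
    /* Constructed sample: the tick counter rolled over between start and
     * now; 21 ticks have really elapsed against a 10-tick timeout. */
    uint16_t start = 0xFFF0, now = 0x0005, timeout = 10;

    printf("recycled: %d\n", expired_recycled(now, start, timeout));
    printf("portable: %d\n", expired_portable(now, start, timeout));
    return 0;
}
```

The two functions agree on every input until the counter rolls over, which is why functional testing on the new hardware can miss the difference and why the expression is worth flagging at the source level.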
Source code analysis using advanced static analysis tools is the best way to ensure that recycled source code (or, indeed, newly written code) will do what it is supposed to do, and not exhibit unexpected properties that an attacker might exploit. Let GRT Corporation assist your company to implement static analysis, and develop embedded software with confidence.