The world of embedded systems has gone through a massive transformation in recent years.
The rise of smart devices, the Internet of Things, mobile computing platforms, connected devices and a range of other innovations have driven embedded system deployments through the roof. Industry observers estimate IoT deployments alone account for 23 billion device deployments in 2018, up from 15 million in 2015. And that number is projected to triple in the next six years.
The explosion in demand has had a major impact on the makers of embedded systems and the products containing them.
Continue reading “Build it fast, and build it secure: see the latest at Embedded World” »
The deployment modes and functionality of embedded systems have evolved rapidly in recent years, thanks to widespread connectivity of Internet of Things devices and associated systems.
Yet the common security practices for most embedded systems remain largely unchanged from the days when they were isolated, air-gapped systems.
The shortfall in embedded system security is leading to sharply escalating risk of cyberbreaches. The trend is leading industry experts to advise embedded system developers to make security a top priority in design practices and product development.
Continue reading “Tracking and Maintaining the Security of Embedded Systems” »
Some product management decisions are hard. Product managers are constantly weighing trade-offs among time-to-market, functionality, competitive differentiation, development costs and other factors.
But some product decisions seem like no-brainers. Would you bring an IT product to market that puts customers at significantly increased risk of security breaches, privacy violations, potentially massive fines, and lawsuits?
“Of course not. That would be lunacy,” you can imagine the typical product manager as saying. Yet companies are shipping products every day that introduce this sort of risk into customer environments.
Continue reading “The Risks of a ‘Stale, Abandoned’ Product” »
The motivation of hackers sometimes can be plain as day. Other times, not so much.
As attacks on Internet of Things (IoT) devices and deployments escalate, it is important to understand what these attackers are trying to accomplish. Understanding these motives, after all, can help us to pinpoint why a security vulnerability represents a risk, to prioritize mitigation and defenses, and to focus responses to attacks.
Continue reading “Who is attacking IoT? What do they want?” »
This week we announced a new release of our TimeStorm Integrated Development Environment (IDE). TimeStorm 5.3.2 IDE is designed to streamline, simplify and accelerate the development of secure Internet of Things (IoT) and embedded Linux applications.
In an era of heightened awareness of embedded software security and device security risks, product developers need to be able to adopt security best practices without delaying the development and release of new products.
Continue reading “New IDE version produces shorter time-to-market for secure IoT devices and embedded Linux applications” »
Research, reporting and commentary about Internet of Things security has made a flurry of technology headlines over the past several years. And industry observers are commenting that IoT security may finally be gaining the attention it deserves among technology decision makers.
So will 2019 be a milestone year for IoT security?
Or will more IoT security failures lead to more industry regulation, more vendor criticism and more conversation, not enough action?
Continue reading “Progress toward IoT security … a little less conversation, a little more action please” »
As 2018 draws to a close, we’ve seen a landmark year in cybersecurity for embedded systems and the Internet of Things (IoT), marked by escalating threats, new regulation, and broader attacks.
Here’s a look back at three important IT security milestones in 2018 and a look forward with some predictions for 2019 and beyond.
Continue reading “‘Be Secure or Be Fined’ … 2018’s major milestones in IoT and embedded system security” »
This blog post is published in full as a guest post on Embedded Computing Design.
In mid-November, the total count of vulnerabilities reported in 2018 surpassed the total for 2017, setting a new record for vulnerabilities with six weeks left in the calendar year.
At this pace, we are on track to see the count of Common Vulnerabilities & Exposures (CVEs), the authoritative index of confirmed IT system vulnerabilities, reach 16,000 or more vulnerabilities for this year, according to tracking site CVE Details.
Continue reading “Another Record Year for Vulnerabilities … Time to Join the CIA?” »
It’s perhaps the longest standing myth in IT:
You can deploy IT quickly, or you can deploy it securely. But you can’t do both.
This supposed trade-off touches virtually every aspect of IT, from product development, to market release, to customer deployment, production product maintenance, and all associated stages.
Continue reading “Can products be developed quickly and be secure at the same time?” »
As the flood of vulnerabilities continues to rise, attention is turning to how embedded system products can be made more secure.
Almost 20 years ago, the concept of security by design was a popular new trend in software development. The focus on baking in security at product design stages was driven by the massive rise in on-line applications, e-commerce features and other Internet-connected, web-enabled software.
As these systems and applications were deployed and became widespread, the expanding attack surface made them attractive targets for attackers looking to steal user information and financial data. So naturally the industry’s response was to rethink and reinvent security in the new threat environment. That meant defining best practices for creating more secure applications at the design stage.
Continue reading “The new focus on ‘Security by Design’” »