Survey reveals safety-critical designers ignoring security

March 07, 2017 // By Peter Clarke
About a quarter of the designers of internet-connected products that could be dangerous do not have security as a design requirement, according to a survey of embedded systems designers conducted by the Barr Group consultancy.

Approximately 28 percent of the more than 1,700 qualified respondents in the survey indicated that the products they are designing are capable of causing injury or death to one or more people and of those products the respondents anticipated that nearly half will be always or sometimes connected to the Internet. The participants in the survey were drawn from all over the world with 50 percent in North America, 27 percent from Europe, 14 percent from Asia and 9 percent from other places.

Any computer, medical device or embedded system that is connected to the Internet can be attacked by hackers but despite this 22 percent of embedded systems engineers working on safety-critical products that would be deployed online said security was not even on their requirements list

"This is dangerously inadequate planning that puts all of us at greater risk," said Michael Barr, CTO of the Barr Group.

The survey also revealed that of the designers working on safety-critical projects that will be connected to the Internet: 19 percent follow no coding standards; 36 percent use no static analysis tools; and 42 percent conduct only occasional code reviews or none at all.

Related links and articles:

www.barrgroup.com

News articles:

Intrinsic-ID extends SRAM PUF security

PRQA: Developing secure embedded software

Presto Engineering: Secure Provisioning – A ‘Must Have’ for IoT Security