Can poorly designed embedded devices kill?

The industry is not taking safety and security seriously enough, according to the Barr Group, who conducted a survey to better understand the state of safety- and security-aware embedded systems design around the world.

The survey incorporates complete responses from more than 2,400 qualified engineers, 46 percent from North America, 33 percent from Europe, and 11 percent from Asia. Such a large, worldwide response makes this independent survey a comprehensive look at the state of safety-critical and security-aware engineering design practices for the devices that drive business and industry worldwide.

The data that emerge from this survey indicate reasons for the engineering community to be concerned and for design practices to be improved. Findings include:

Poorly designed embedded devices can kill. In the case of product malfunction, 29 percent of respondents’ current design projects could result in injury or death.

Security is not taken seriously enough. Only 31 percent of respondents who report that security is a design requirement consider that requirement more important than meeting the project’s delivery schedule.

Proactive techniques for increasing safety and security are used less often than they should be. Only 38 percent of respondents currently subject all their software source code to peer review, and respondents use static analysis tools in less than half of current projects.

Despite highlighting these disturbing trends and others, the survey does reveal that reliability—crucial to both safety and security—is highly valued by embedded systems designers.

Over 90 percent of respondents say that reliability is at least as important as meeting the project schedule, and 38 percent of respondents report that the reliability requirements of their current project are higher than those of previous projects.