Barr Group's 2017 Embedded Systems Safety & Security Survey Uncovers Dangerous Flaws in Safety-Critical Device Design
CORRECTION...by Barr Group
GERMANTOWN, Md.-- Please replace the release dated March 7, 2017, with the following corrected version due to multiple revisions.
The corrected release reads:
22 Percent of Designers of Potentially-Injurious, Internet-Connected Products are Paying Zero Attention to Security
Barr Group, The Embedded Systems Experts®, has uncovered alarming information about the state of embedded systems design in its 2017 Embedded Systems Safety & Security Survey. This survey revealed that a significant percentage of embedded systems designers of potentially injurious products are failing to place emphasis on the security of their designs – even though they are Internet-connected.
Approximately 28 percent of the more than 1,700 qualified respondents (50 percent from North America, 27 percent from Europe, 14 percent from Asia, and 9 percent from other geographies) indicated that the products they are designing now are capable of causing injury or death to one or more people (i.e., in the event of a malfunction). Of such products, respondents anticipated that nearly half will always or sometimes be connected to the Internet.
It is widely known that any computer connected to the Internet – including a medical device or other embedded system – can be remotely attacked through hacking. Despite this, 22 percent of embedded systems engineers working on safety-critical products that would be online said security was not even on their requirements list for the product. “This is dangerously inadequate planning that puts all of us at greater risk,” said Michael Barr, Barr Group CTO.
Survey findings also revealed that of the designers working on safety-critical projects that will be connected to the Internet,
• 19 percent follow no coding standards,
• 36 percent use no static analysis tools, and
• 42 percent conduct only occasional code reviews or none at all.
“When safety-critical devices come online, it is imperative that the devices are not only safe but also secure,” Barr said. “Considering the many security concerns that currently exist in the IoT, any connected device that has not been designed with security in mind is at risk for tampering, and the results for safety-critical devices can be catastrophic. By failing to design security into a device that is connected to the Internet – especially a safety-critical device, where lives are at risk – we are putting our heads in the sand.”
March 23 Webinar to Provide Detailed Analysis of Survey Results
Barr Group will host a free webinar on Thursday, March 23, 2017 at 1PM ET to discuss the findings from the 2017 Barr Group Embedded Systems Safety & Security Survey. To register for the event, go to barrgroup.webinato.com/registration/pid=5257148[...].
For more information about Barr Group, contact email@example.com.
About Barr Group
Barr Group, The Embedded Systems Experts®, is an independent provider of world-class product design, training, and corporate and legal technical consulting services for the embedded systems industry. Founded by internationally known experts in the design of safe and secure embedded systems, Barr Group is driven by its mission to help companies improve the overall reliability and security of all embedded systems–based applications. Applications strengthened as a result of services and resources provided by Barr Group include those in the automotive, medical, defense, industrial controls, consumer electronics, and Internet of Things (IoT) markets. Barr Group has assisted thousands of engineers in the development of safer, more reliable electronic products through its Embedded C Coding Standard™ and continues to push the embedded systems industry forward with the annual release of Barr Group’s Embedded Systems Safety & Security Survey™. For more information about Barr Group, go to www.barrgroup.com.
Barr Group, The Embedded Systems Experts, Embedded C Coding Standard, Embedded Systems Safety & Security Survey, Embedded Software Boot Camp, Embedded Android Boot Camp, and Embedded Security Boot Camp are trademarks or service marks of Integrated Embedded, LLC d/b/a Barr Group.