As embedded software becomes more ubiquitous and connected — powering everything from home appliances and cars to aircraft and mission-critical systems — organizations must take additional steps to ensure that the code produced is both secure and reliable.



Embedded software, however, presents a unique set of challenges for application development and engineering teams. To combat embedded software threats, teams are turning to strategies such as threat modeling, static analysis and penetration testing to secure their embedded code.


This paper will examine threat modeling and explain how it can be used in concert with secure development best practices, including defensive coding, automated source code analysis, peer code reviews, and penetration testing to both identify and mitigate embedded software threats.