Developing Secure Embedded Software

Many organizations are only now becoming aware of the need to incorporate security into their software development lifecycle. Raising awareness of common pitfalls is the first step toward avoiding them, but awareness by itself is insufficient. Understanding security is one thing; applying that understanding in a complete and consistent fashion to meet security goals is quite another. Effectively addressing embedded software security requires a combination of people, process, and technology. No single tool, technique, or process will ever provide a complete solution. This paper explains why some commonly used approaches to security typically fail and outlines a development strategy for getting security right.