The reasons why more embedded teams are using third-party code
GrammaTech has released latest sponsored research from VDC detailing the growing challenges faced by embedded developers. The report, titled Software Quality and Security Challenges from Rapid Rise of Third-Party Code, highlights the delivery challenges of producing high quality code, and the reasons why more embedded teams are using third-party code to meet delivery dates despite the challenges and potential security vulnerabilities such code may cause.
According to many developers surveyed by VDC, the use of commercial third-party code is expected to increase across all major industries. Survey findings indicated that 40.5% of respondents in medical device manufacturing, 28.6% in aerospace and defence, and 22.2% in auto and rail expected to see an increase in commercial third-party code.
When development teams do not have access to the source of such third-party code, they cannot use standard static source code analysis to find defects in those components. Binary code analysis allows developers to eliminate this blind spot, it performs an analysis on the binary of a given code base, providing reports on parts of their code that would otherwise remain a mystery.
In addition to the growing use of commercial third-party code, VDC researchers also found that the size of embedded code bases is growing at roughly twice the speed of the embedded developer community, underscoring the importance of a robust automated testing suite.
“Companies simply cannot keep pace with the demand for innovation in the embedded space with developers alone,” said Andre Girard, Senior Analyst, VDC. “To scale to meet the quality and security challenges of rapidly expanding embedded code bases, teams need an arsenal of tools, including static binary analysis.”
Increasing the use of third-party code can help embedded development teams accelerate their time-to-market in industries such as medical devices, aerospace and transportation where software capabilities are key drivers of innovation and competitive advantage. To learn more about how to safely use commercial third-party code in your embedded system, download VDC’s latest research report: Software Quality and Security Challenges from Rapid Rise of Third-Party Code.
“To meet the tight delivery timelines that embedded teams face and protect against the myriad of cyber-attacks that continue to proliferate, developers need tools that are capable of analysing their entire code base, not just the code they have the source for,” commented Paul Anderson, Vice President of Engineering, GrammaTech. “Adding binary analysis to CodeSonar was a clear next step in the vision to provide developers with a complete static analysis solution.”