Jeff Fortin

Jeffrey Fortin

July 31, 2017

As embedded code moves beyond fixed-function devices to field-upgradable and configurable devices, how do we develop software products that remain safe and secure while they change continuously after deployment in the field?

Earlier this year I introduced Vector Software’s concept of the embedded enterprise. In summary, we find that as many organizations realize that the products they sell have an ever-increasing dependency on software to deliver value, there is an emerging software type that has aspects of enterprise, personal and embedded software. This is what we refer to as the new “embedded enterprise.”  

To expand on the concept and explore the embedded enterprise in more depth, let’s first look at the software lifecycle as it relates to overall product lifecycle management. The traditional view of the software lifecycle in embedded development has typically followed a process of defining requirements, writing code, testing, deployment, etc. As the industry has evolved, however, product lifecycle management has changed drastically as well. The Internet of Things (IoT) provides a perfect example of this.

In a traditional model, when a product was delivered to customers, it remained static. This is what we call a fixed-function device. With IoT, products are now delivered with software updates continuously pushed out or with the ability to configure the device remotely, changing the behavior of the device. With any change comes risk, including loss of quality, and in some cases that can put safety at stake.

In a connected car application, for example, if you have a Tesla, your existing car can be improved and changed. You don't have to buy a new Tesla for this to happen; the company just sends you a software update. To support this business model, there has to be a software testing and quality model that works continuously throughout the lifecycle of that product.

Furthermore, IoT is an evolving communications platform. With IoT, enterprises need to not only test the communications protocols but also test the implementation of the protocol stack. They need to check for vulnerabilities that could cause incorrect behavior or even a software crash.  

Because of IoT, there is now an interconnection of physical and virtual devices based on interoperable communication technologies. As a new class of electronic devices now has network connectivity, embedded software is at the center because it serves as the critical technology foundation for embedded devices.

This has expanded the scope of responsibility into an entirely new category of platforms and services and redefined security needs. Furthermore, a security compromise can become a safety issue, because these embedded applications now power many safety-critical products such as medical devices, automobiles, manufacturing equipment and more.

In the new embedded enterprise, developers need to ensure that software not only meets requirements but that the code is written in a way that doesn't lend itself to exploits and is not exposed to weaknesses. Following best practices for code construction to make sure software has as few weaknesses as possible is crucial. The new dynamic aspect driven by technologies such as IoT has also drastically redefined the requirements for more comprehensive and continuous software testing.