Embedded developers using risky open-source code to fix schedules, say analysts

April 21, 2015 // By Graham Prophet
Analysis, sponsored by software-tool vendors GrammaTech and carried out by VDC Research, has found that 40% of embedded developers report projects are behind schedule. As part of the solution they are increasingly turning to third-party code; that use is possibly contributing to security challenges, yet is still projected to increase by at least 20% in major embedded sectors.

The sponsored research from VDC detailing the growing challenges faced by embedded developers comes in a report entitled “Software Quality and Security Challenges from Rapid Rise of Third-Party Code,” which highlights the delivery challenges of producing high-quality code, and the reasons why more embedded teams are using third-party code to meet delivery dates despite the challenges and potential security vulnerabilities such code may cause.

“According to our research, over 40% of embedded engineers report their projects are running behind schedule – as a result, we are seeing significant growth in the use of open-source code and third-party code, as teams try to catch up with slipping delivery dates,” said Andre Girard, Senior Analyst at VDC. “Developers lack access to third-party commercial source code, creating dangerous quality and security blind spots if the third-party binaries aren’t analysed.”

According to many developers surveyed by VDC, the use of commercial third-party code is expected to increase across all major industries; survey findings indicated that 40.5% of respondents in medical device manufacturing, 28.6% in aerospace and defence, and 22.2% in auto[motive] and rail expected to see an increase in commercial third-party code.