Barr Group will release the final analysis of its 2018 Embedded Systems Safety & Security Survey on February 27, 2018. Preliminary results reveal startling news regarding the state of security for Internet of Things (IoT) devices. Of the embedded systems developers working on internet-connected or IoT projects, 22 percent do not list security as a product requirement for their current project. With the growing number of hacks and cyberattacks threatening internet-connected devices, this statistic serves as a warning that security breaches and attacks will continue to plague the embedded system industry in the short-term future.
Completed by more than 1,700 qualified respondents, the survey was designed to gauge the state of product development practices of embedded systems engineers from around the world (46 percent from North America, 33 percent from Europe, 10 percent from Asia, and 11 percent from other geographies). Based on survey data from 2018 as well as results from prior years, the embedded industry is showing modest improvement when it comes to making security a design consideration during product development, rising six percentage points from 2016 to today’s 67 percent. However, with 33 percent of all embedded engineers and 22 percent of engineers designing internet-connected devices still neglecting to focus on security during product design, the IoT continues to be an “Internet of Insecure Things.”
Further compromising the state of IoT security, survey results reveal that engineers developing IoT devices are still neglecting to implement industry-recommended design practices known to raise security levels of embedded systems. Of the engineers designing internet-connected devices:
- 54% lack regular code reviews
- 49% fail to perform static analysis
- 33% lack a written coding standard
- 17% lack a bug database
In addition, the survey found that fewer than half of all embedded engineers designing for the IoT encrypt their data.
For more information, visit the Barr Group.