Dave Morris

David James Morris is Director of Enterprise Solutions at Programming Research Ltd. He has over 20 years of experience working for leading organizations in both the enterprise software and medical device industries, helping pharmaceuticals, automotive and aerospace organizations achieve business objectives.

Author's Posts

Who Cares About Embedded Code Security?

Dave Morris

HINT: They Don't Work In Your Organization:

In general, code security often gets overlooked, and when it comes to embedded software, code security has long taken a back seat to code quality. But there are plenty of people who do care about code security and are testing the security of your code. Unfortunately, most of them don’t have your interests in mind.

Code security is based on secure coding practices and writing applications that are resistant to attack by malicious or mischievous people or applications. Secure coding helps protect a user’s data from theft or corruption. Also, an insecure application will allow an attacker to take direct control of a device or provide an access path to another device, resulting in anything from a denial of service to a single user to the compromise of secrets, loss of service, or damage to the systems of thousands of users. 

Secure coding is important for all software; whether you write code that runs on mobile devices, personal computers, servers or embedded devices, you should become familiar with the techniques and tools to support this practice.

 

Topics: secure application development, Security

Is Your Embedded Software Rugged By Design?

Dave Morris

WHY BE RUGGED?

The rate at which software is being embedded into “things” is exploding. Manufacturers in the appliance, automotive, consumer electronics, and medical device industries are rapidly expanding the use of embedded devices powered by software, making smarter products and adding new features and capabilities. To meet the growing demand for software and to keep up with rapidly changing business and consumer trends, developers are under pressure to write and reuse more code than ever, to deliver newer and better features, and to do it all faster. This evolution dramatically impacts the reliability, safety and security requirements for software: it needs to be Rugged like never before.


Why Security Features Don't Secure Software

Dave Morris

ENCRYPTION IS NO GUARANTEE OF SECURITY:

Secure software (or the lack thereof) is now a daily news topic and a major challenge for a growing number of companies that are increasing the amount and complexity of software in their products. Many software architects and developers lack training in security technologies and techniques and have only a rudimentary understanding of what should be done to improve application security. The urgency to improve application security has resulted in security being added to the requirements list in the form of features. This has resulted in feature requirements such as application firewalls, data encryption modules, and adding SSL to secure data flows. While these are all positive improvements, security features don’t do much to address some of the most prevalent security issues, which are the result of insecure code.

Topics: secure application development, Static Analysis

3 Barriers to Automating Software Development

Dave Morris

THE PARADOX OF SOFTWARE DEVELOPMENT:

It is somewhat paradoxical that many industries use software to automate and improve the delivery of products, yet the way software is often developed lags behind in the use of automation. Static analysis offers the promise of automation to improve the safety, security and reliability of software dramatically. However, purchasing a static analysis tool alone will not guarantee better software.


What Does The Jeep Hack Really Mean for IoT?

Dave Morris

Are We On The Road To Ruin?:

Wired’s scoop about Jeep vulnerabilities, and the consequent decision of Fiat Chrysler to recall 1.4 million cars in the US to update their software, provide a glimpse into the future and highlight some issues that promise to be fairly common in the future of automotive (and all other connected smart "things").

Topics: secure application development, Security, CERT-C

4 (Bad) Reasons Not To Use Static Analysis

Dave Morris

Is It Time to Reconsider Using Static Analysis?:

Static source code analysis is not a panacea for delivering high-quality, secure software. But many developers are quick to dismiss static analysis, often based on hearsay, or experience with poorly designed tools or low-level bug catchers.

The old excuses are no longer valid for avoiding static code analysis.

 


What Can Embedded Developers Learn from the Failures of Network Security?

Dave Morris

"What's past is prologue"

Networks, personal computers and servers have long been under fire from hackers and criminals, leading to headline-grabbing data breaches worldwide and spurring massive investments in security technology. And cyberattacks are expected to increase further as devices from phones to appliances to cars become connected to the Internet.

Topics: Security, Code Review

Humans Learn To Produce Error-Free Embedded Source Code

Dave Morris

THE HEADLINE YOU'LL NEVER SEE:

If you were expecting to read about a major scientific discovery on a new gene therapy to improve brain functions and reasoning skills to write error-free code, we’re sorry, but you’re out of luck.

So what can we do to address the human element in the software development lifecycle? According to an independent study by UC Berkeley researchers “

Topics: Code Review, code complexity, software quality

Building Better Software

Improving Reliability Safety and Security

We live in an interconnected world: people are interacting with machines and devices that are in turn communicating with each other, and our lives and livelihoods now depend on software.

Software innovation is driving the creation of new products and markets, increasing the pressure on development organizations to deliver more features under tight schedules and budgets, and unreliable, unsafe and insecure software is not an option.

This blog is intended to share insights and approaches to help organizations manage the increasing complexity of embedded software development and to launch secure, high-quality, feature-rich products ahead of the competition.
