Who Cares About Embedded Code Security?

Dave Morris

HINT: They Don't Work In Your Organization:

In general, code security often gets overlooked, and when it comes to embedded software, code security has long taken a back seat to code quality. But there are plenty of people who do care about code security and are testing the security of your code. Unfortunately, most of them don’t have your interests in mind.

Code security is based on secure coding practices and writing applications that are resistant to attack by malicious or mischievous people or applications. Secure coding helps protect a user’s data from theft or corruption. Also, an insecure application will allow an attacker to take direct control of a device or provide an access path to another device, resulting in anything from a denial of service to a single user to the compromise of secrets, loss of service, or damage to the systems of thousands of users. 

Secure coding is important for all software; whether you write code that runs on mobile devices, personal computers, servers or embedded devices, you should become familiar with the techniques and tools to support this practice.

 

Topics: secure application development, Security

Why Security Features Don't Secure Software

Dave Morris

ENCRYPTION IS NO GUARANTEE OF SECURITY:

Secure software (or the lack thereof) is now a daily news topic and a major challenge for a growing number of companies that are increasing the amount and complexity of software in their products. Many software architects and developers lack training in security technologies and techniques and have only a rudimentary understanding of what should be done to improve application security. The urgency to improve application security has resulted in security being added to the requirements list in the form of features. This has resulted in feature requirements such as application firewalls, data encryption modules, and adding SSL to secure data flows. While these are all positive improvements, security features don’t do much to address some of the most prevalent security issues, which are the result of insecure code.

Topics: secure application development, Static Analysis

What Does The Jeep Hack Really Mean for IoT?

Dave Morris

Are We On The Road To Ruin:

Shortly after Wired’s scoop about Jeep vulnerabilities, Fiat Chrysler consequently decided to recall 1.4 million cars in the US to update their software. The episode provides a glimpse into the future and highlights some issues that promise to be fairly common in the future of automotive (and all other connected smart "things").

Topics: secure application development, Security, CERT-C

Can Your Application Be Hacked With a Backspace Key?

Stepan Cais

28 Clicks To Disaster:

Researchers recently found source code security flaws that allow an attacker to overcome the password security of Grub2 and take control of the computer – just by pressing the backspace key 28 times. This easily preventable defect has existed since 2009. How could this have been detected earlier? Why did this vulnerability, which could have been easily prevented or fixed much earlier, evade detection?

Topics: secure application development, Security, Coding Standards, software reuse

Building Better Software

Improving Reliability, Safety and Security

We live in an interconnected world: people are interacting with machines and devices that are in turn communicating with each other, and our lives and livelihoods now depend on software.

Software innovation is driving the creation of new products and markets, increasing the pressure on development organizations to deliver more features under tight schedules and budgets – and unreliable, unsafe and insecure software is not an option.

This blog is intended to share insights and approaches to help organizations manage the increasing complexity of embedded software development and to launch secure, high-quality, feature-rich products ahead of the competition.
