Embedded software is the driving force in new engineered product development, providing flexibility, lower manufacturing costs, and ease of change and servicing. The flipside of these benefits includes greater complexity and challenges in quality assurance and testing. Embedded software combined with the Internet of Things (IoT) also raises a serious concern over security. To address these issues, Ovum believes that the software development security lifecycle needs to be part of the engineered product lifecycle. A new standard for quality in software by the Consortium for IT Software Quality (CISQ), which enables automating the direct measurement of software quality, can also help raise software quality and security.
The IoT will only grow if software quality and security are improved
The promise of connected products that the IoT will introduce may be spoiled by the specter of malicious hacking. Connectivity of machines with safety-critical qualities could result in serious harm unless software quality and security are addressed in engineering design and development.
A number of remedies are available to deal with the dangers of these new systems, including continuous engineering for systems that can be continually tested and improved, and adopting an end-to-end software security development lifecycle approach. In addition, new standards for cross-industry safe and secure embedded software are emerging. Organizations can be proactive in their involvement in the new standards, and can adopt mature processes for reducing risk in product use and reducing reputation risk for the business.
A new standard for direct measurement of software quality will prove useful
Hard measurements that are repeatable, consistent, and automated will always drive out soft assessments. In this context, the Consortium for IT Software Quality (CISQ), a group created by the Software Engineering Institute (SEI) at Carnegie Mellon University and the Object Management Group (OMG), is working on a direct quality standard for software, designed so that measurement against the standard can be automated. In support, a number of firms are producing software to perform the automated quality assessment. CISQ has a number of working groups active in the standards process: Automated Function Points, Reliability, Performance Efficiency, Security, and Maintainability. These working groups will be releasing final sets of quality rules for approval in 2015. The introduction of such a standard will help drive software quality and security improvement.
Although CISQ has so far focused on enterprise IT, the standard being produced is equally applicable to embedded software, and Ovum encourages engineering firms to see how they can benefit from adopting this standard.
Michael Azoff, Principal Analyst, Ovum Software.