ITHACA, N.Y., Aug. 15, 2017 — GrammaTech, Inc., a leading developer of commercial embedded software assurance tools and advanced cyber security solutions, today released new research from VDC detailing the growing concerns in cyber-physical manufacturing systems within today’s smart factories. The report, “Industry 4.0: Secure by Design,” summarizes the results from surveying over 500 engineers to find that for Industry 4.0 to succeed, smart factories must be made secure by design, meaning security concerns should guide decisions from the earliest stages and through the full system development lifecycle.
IoT is opening up a broad range of new business opportunities and solutions like the smart factory. Unfortunately, the introduction of connectivity can unearth new vulnerabilities and magnify any existing software quality issues.
“Based on our research, action to prevent or mitigate vulnerabilities is not rising in parallel with the increasing awareness of the impact of security failures,” said Andre Girard, Senior Analyst at VDC. “Embedded engineers surveyed report that over 24% of their projects have no security actions taken.”
According to 46% of developers surveyed by VDC, cyber security concerns are very or extremely important on their current project, up from 37% just two years prior.
“The results found by VDC agree with what we see with our customers,” said Mark Hermeling, Senior Director of Product Marketing. “GrammaTech has been promoting a security-first design approach that leverages automated software tools as much as possible. Advanced static analysis, for example, plays an important role in a secure design lifecycle.”
“Increasing the use of automated testing tools, starting in the early stages of software design can help their engineering teams prevent many common coding errors and security weaknesses,” added Girard. “The low existing use-rates of static analysis and binary analysis—tools that can help in the code acceptance process—suggests many Industrial Automation & Control engineering teams are not yet following best practices for third-party code use.”
One of VDC’s recommendations is a testing regimen including dynamic testing and static analysis to provide greater assurance that vulnerabilities are discovered and fixed. This can help embedded development teams secure their devices and accelerate their time-to-market in industry 4.0, as well as industries such as medical devices, aerospace, and transportation where software capabilities are key drivers of innovation and competiti
ve advantage. To see more of VDC’s recommendations, and learn more about how your business can take a secure by design approach, download VDC’s latest research report: Industry 4.0: Secure by Design.
About GrammaTech:
GrammaTech’s advanced static analysis tools are used by software developers worldwide, spanning a myriad of embedded software industries including avionics, government, medical, military, industrial control, and other applications where reliability and security are paramount. Originally developed within Cornell University, GrammaTech is now a leading research center for software security and a commercial vendor of software-assurance tools and advanced cyber-security solutions. With both static and dynamic analysis tools that analyze source code as well as binary executables, GrammaTech continues to advance the science of superior software analysis, providing technology for developers to produce safer software.
About VDC:
VDC has been covering the embedded systems market since 1994 and the use of lifecycle management solutions since 2000. Data supporting discussions in this paper is based on findings from VDC’s most recent Software and System Development Survey. This survey collects input from more than 500 engineers across the globe and is used within a series of reports produced by VDC in 2017. The respondents are directly involved in software and systems development across a range of industries including automotive, aerospace and defense, telecommunications, medical, industrial automation, and consumer electronics, among others.