07/22/2014

VDC Research is attending Agile2014 in Orlando July 28-29

We are attending the Agile2014 conference in Orlando

Agile2014 is organized by the Agile Alliance, and it is intended to promote the principles of Agile and serve as an opportunity for all of the foremost experts and innovators in the field to come together. The conference boasts over 240 talks and workshops across 16 program tracks and over 1,800 attendees. For more information about Agile2014 and to register for the event, click here.

Make sure to attend the Industry Analyst Panel Discussion: Agile Trends and Future Directions on Tuesday, June 29 to see VDC’s Chris Rommel speak on the panel.

 

“The improved communication and expanded collaboration of Agile software development is helping early adopters discover new engineering synergies and increase their planning predictability. There is wider recognition for the effectiveness of more flexible and iterative strategies such as Agile and cross-engineering domain integration in addressing systems development challenges and rapidly responding to shifting customer needs or market expectations. Better management of design interdependencies through cross-domain integration can often increase operational efficiencies, resulting in cost savings. Use of these methods helps organizations further advance toward a continuous engineering approach, accelerating the pace of software content creation.”

-From André Girard, VDC Research

 

Contact us directly to schedule a meeting!

We would like to learn more about your company’s solutions and personal experiences, and we welcome the opportunity to meet attending vendors. VDC will be at the conference on Monday, June 28 and Tuesday, June 29. Please contact us directly f you would like to arrange a meeting.

Contact André Girard, Senior Analyst, M2M Embedded Technology Practice, VDC Research Group at agirard@vdcresearch.com or 508.653.9000 x153.

About VDC Research

VDC has been covering the embedded systems market since 1994 and the use of lifecycle management solutions since 2000. To learn more about VDC’s coverage of Software and System Lifecycle Management Tools, check out our website here, and to see what other research and products are offered by VDC Research’s Embedded Software & Tools practice, click here

 

-Patrick McGrath

Research Associate, VDC Research

07/21/2014

VDC Embedded Jama Software Webinar

How to Understand Requirements Management to Develop and Deliver Faster

For Embedded Systems Developers, Time to Market is Critical. Learn the No. 1 Strategy to Develop and Deliver Faster.

During this free webinar on Wednesday, July 23 at 1:00pm ET / 10:00am PT, VDC Research analyst André Girard and Jama Software co-founder Derwyn Harris will present on the growing necessity for requirements management (RM) tools in the face of today’s increasingly complex code bases, distributed development teams, and stricter budgets.

OEMs are facing constant pressure for innovation even with tight budgets, and they are dedicating more of their resources towards software development. Despite the importance of well-written requirements in the software development lifecycle, usage rates of RM tools are still dangerously low, with only 23% of embedded engineers polled by VDC in 2014 indicating they were using a formal RM solution on their current project. To meet demands for an accelerated pace of software content creation, developers will need to better utilize RM tools to monitor and manage the development lifecycle from beginning to end.

This webinar will explore: 

  • How has the software development process changed? 
  • What challenges are OEMs facing today? 
  • How do RM tools help deal with these challenges? 
  • How can RM tools save time and money for OEMs?

Tune in to this webinar to learn the answer to these questions and more. Those who register for this webinar will also receive a free copy of VDC Research’s report, “Pinching Pennies on Requirements Management is Too Costly”, by André Girard.

Click here to register for the webinar. To learn more about the research and products offered by VDC Research’s Embedded Software & Tools practice, click here.

 

Patrick McGrath

Research Associate, VDC Research

06/18/2014

IoT Necessitates Changes in Both People and Technology

The requirements of the devices composing the Internet of Things are changing rapidly. The embedded market no longer consists of dedicated-purpose devices that may or may not be connected. Engineering organizations and deploying enterprises must now design scalable system topologies that can integrate new devices and adapt to the IoT’s evolution. While these next-generation systems are required to facilitate downstream device/node management as well as efficient upstream data transfer and analytics, they must also do so dynamically, allowing for more intelligence and flexibility in node role and workloads within sub-network architectures.

This recognition of a need for change in legacy technologies can already be seen in the shift in programming languages used by embedded engineers. In the past five years, the percentage of engineers using Java in the embedded market has more than doubled. Embedded industry stalwarts such as C will certainly maintain a substantial footprint going forward given the existing software assets and expertise at OEMs, but the results confirm that the market is rapidly looking to new and/or multi-language development to satisfy the requirements of next-generation projects.

Picture1

IoT Skill Set Gap Exacerbated by Existing Embedded Resource Gap

The existing embedded engineering resources unfortunately cannot keep pace with the IoT’s time-to-market and content creation requirements. Already this community has been struggling to meet the needs of pre-IoT development projects. Now, the industry is faced with a dynamic in which not only does it need more efficiency, but the existing population of embedded engineers also cannot scale organically to meet the new software content creation requirements. Today, there are just over 1 million embedded engineers globally, with only 35% of that community holding software engineering-specific primary roles. In order to adapt to the new IoT development demands and respond to this dearth of traditionally skilled resources, OEMs must look to new labor pools.

The global Java community, which is estimated to consist of approximately 9 million developers, offers an opportunity to draw upon an increasingly relevant labor and expertise pool. The value of traditional embedded engineering skill sets has already been partially devalued due to IoT system evolution. Now, knowledge of connectivity stacks and UI development often must be placed at a premium over skills such as footprint optimization. Furthermore, technology like Java’s virtual machines create an abstraction layer that can reduce hardware dependencies and the subsequent rework and optimization that would have previously required more traditional embedded firmware engineers. Despite the already rapid adoption of Java (by embedded standards), we believe that the impending blurring of the distinction between embedded and IT Java developers will reinforce the technology’s adoption and relevance going forward. The wide access to the existing ecosystem of Java tools and third-party software, combined with a growing embedded partner ecosystem spanning semiconductor/IP companies, tool, and hardware/system manufacturers will no doubt further reduce switching costs and any lingering reservations held within many embedded industries.

We will be exploring the business and technical impact of the IoT in a webcast tomorrow with Oracle:

Date: Thursday, June 19, 2014 

Time: 9:30 AM PDT, 12:30 PM EDT, 17:30 GMT

Join this webcast to learn about:

  • Driving both revenue opportunities and operational efficiencies for the IoT value chain
  • Leveraging Java to make devices more secure
  • How Java can help overcome resource gaps around intelligent connected devices
  • Suggestions on how to better manage fragmentation in embedded devices

Register here:

http://bit.ly/1oOuuS9

06/16/2014

PTC Acquires Atego, Broadens ALM Support for Product Development

What happened?

PTC (NASDAQ: PTC) announced today it has entered into a definitive agreement to acquire Atego, a leading developer of model-based systems and software engineering applications based in the UK, for $50 million in cash. The transaction is expected to be completed in PTC’s fiscal fourth-quarter 2014, which begins in July. According to PTC’s press release, Atego had approximately $20 million in revenue over the course of the past 12 months, and the company expects it will achieve approximately $5 million in revenue from Atego in PTC’s fiscal fourth-quarter 2014.

VDC’s View

Several recent acquisitions by PTC have targeted services lifecycle management (SLM). The combination of PTC’s SLM portfolio and their IOT capabilities through ThingsWorx provides an impressive depth and breadth of solutions for extending customer relationships post-deployment.

This newest addition of modeling tools from Atego strengthens PTC’s portfolio of product lifecycle management and application lifecycle management solutions and helps reinforce a systems engineering focus. Atego’s Model-Based Systems Engineering solutions connects requirements engineering, architecture modeling, physical product definition, and system verification functions.

Today’s smart, connected products depend on the tight integration of sophisticated components from multiple engineering domains, raising the value proposition of increased cross-discipline coordination and communication. The combination of Artisan Studio from Atego with their existing tooling portfolio enables PTC to offer solutions that help their customers increase efficiency and product standardization in embedded industries where increasingly connected products are created from systems of complex mechanical, electrical, and software systems.

Stay tuned here for further insight in the coming days.

VDC will be exploring these and other trends in greater depth within our upcoming Software & System Lifecycle Management Tools research program.  Please contact us for additional information.

 

By Patrick McGrath, (Research Assistant, M2M & Embedded Technology) and Andre' Girard (Senior Analysis, M2M & Embedded Software)

05/22/2014

eBay Response to Data Breach Shows the Company Still Doesn’t Get It

This month’s major data breach news comes courtesy of hackers who accessed eBay’s user database by using valid credentials pilfered from eBay employees. The hackers apparently had access to eBay’s entire database of 145 million active users during the months of February and March 2014. The information accessed included passwords in encrypted form, as well as names, email addresses, shipping addresses, and dates of birth all in plaintext.

eBay’s user database was apparently accessible to the hackers because they logged in using genuine eBay employee credentials. But why should that give the hackers unfettered access to the entire user database? Of course company employees may have valid reasons for accessing the user database, but eBay could have limited the access such that:

  • a separate password or two-factor authentication was required to gain entry to the database; and

  • the database was only accessible from whitelisted terminals

  • excessive access by any individual employee throws up a red flag immediately (not months later).

eBay’s IT department has a chance to address those issues, but the company’s public relations department hasn’t done too well thus far.

eBay posted a notice on its website regarding the breach, entitled “Important Password Update,” the full text of which is below.

In VDC’s opinion, eBay’s public response to the breach has missed the mark.

eBay’s notice informed users that their encrypted passwords might have been compromised, and instructed them to change the passwords. Since the passwords were encrypted using a “salted hash” technique, few if any actual passwords are likely to be decrypted. Nevertheless, it doesn’t hurt to tell users to change passwords, particularly if a user shares the same password across multiple websites. However, the notice failed to mention the other personal information (non-encrypted) that was compromised. Such personal information presents a risk that hackers could attempt identity theft, which is arguably a greater concern than just the compromise of one site’s password. In effect, eBay has warned users about the information that is probably still safe, and ignored the disclosure of information that is clearly unsafe. And by failing to mention the other personal data that was accessed, eBay is creating a false sense of security that users will be safe if they just change their passwords.

Password changes can help make eBay safer, but they don’t improve the security of users whose personal information has already been appropriated. Because disclosure of users’ personal information could lead to subsequent attempts at identity theft, eBay might need to offer up free credit monitoring service to its users, even though no credit card or other financial information was disclosed.

Users don’t necessarily care how safe and secure eBay is; they care how safe and secure their own personal information is. eBay’s response thus far indicates that the company doesn’t get the distinction.

 

Full text of eBay’s notice to users:

[Note several days after we posted this, eBay revised the text of its password update notice to include the fact that personal data beyond encrypted passwords had been compromised, although eBay still doesn't relate the implications of that to its members. The text below is eBay's original notice.]

Important Password Update
Keeping Our Buyers and Sellers Safe and Secure on eBay
On Wednesday, we announced that we are asking all eBay users to change their password. This is because of a cyberattack that compromised our eBay user database, which contained your encrypted password.
Because your password is encrypted (even we don’t know what it is), we believe your eBay account is secure. But we don’t want to take any chances. We take security on eBay very seriously, and we want to ensure that you feel safe and secure buying and selling on eBay. So we think it’s the right thing to do to have you change your password. And we want to remind you that it’s a good idea to always use different passwords for different sites and accounts. If you used your eBay password on other sites, we are encouraging you to change those passwords, too.
Here’s what we recommend you do the next time you visit eBay:
  1. Take a moment to change your password. You can do this in the “My eBay” section under account settings. This will help further protect you; it’s always a good practice to periodically update your password. Millions of eBay users already have updated their passwords.
  2. Remember to always use different passwords on different sites and accounts. So if you haven’t done this yet, take the time to do so.
Meanwhile, our team is committed to making eBay as safe and secure as possible. So we are looking at other ways to strengthen security on eBay. In the coming days and weeks we may be introducing new security features. We’ll keep you updated as we do.
Thanks for your support and cooperation. eBay is your marketplace, and we are committed to keeping it one of the world’s safest places to buy and sell.
Devin Wenig
President, eBay Marketplaces

 

VDC Research is Attending IBM Innovate2014 in Orlando

VDC Research will be attending Innovate2014, IBM’s Technical Summit in Orlando, June 1-3, 2014. IBM has planned an exciting agenda for the conference highlighting continuous engineering, DevOps, and Innovation.

We are also pleased to announce Chris Rommel, Executive Vice President of M2M Embedded Technology is a speaker for an important panel discussion, “Best Practices for Agile Product Development”, to be held Monday, June 2. We encourage you to attend.

Best Practices for Agile Product Development discussion overview:

Agile methods are popular and effective in software development for complex products. But, the application of agile principles to the broader product development process offers the prospect of even greater business value through improved productivity and predictability and better management of change. This session presents a panel of several experts to discuss the challenges of extending agile beyond software processes. These experts will also address key approaches that can maximize the value for product development organizations.

Haven't decided yet if you're attending IBM Innovate2014? Please check out the Innovate2014 website for more information on the conference program, scheduled speakers, as well as information on companies that will be exhibiting. We hope to see you there.

05/16/2014

Agile in Embedded: Slow to Adopt, Fast to Spread

VDC just recently completed an in-depth analysis into the use and trends around Agile and DevOps methods in the embedded systems market. It is an exciting space with a number of dynamic changes underway as OEMs investigate new ways to improve the overall efficiency of systems development in the face of pressing time-to-market, process standard, and complexity challenges. We have a lot of compelling findings that demonstrate the growing use of Agile, DevOps, and other collaborative approaches across the embedded landscape.

As we dug deep into the data an interesting theme kept linking the findings…collaboration is contagious.

Challenges unique to the embedded market impeded early Agile adoption and, in many cases, will preclude full adherence to the methodology. Nevertheless, once iterative software development practices are successfully introduced, embedded engineering organizations are soon looking into additional ways of improving efficiency through expanding collaboration. Time and again, the initial taste seems to spur more interest. 

Importance of scaling Agile within organization, by use of Agile

Agile blog exhibit

The same spirit of reflection and refinement of processes that are central principles in the Agile methodology are encouraging users to investigate new approaches like scaled Agile, cross-domain integration, and DevOps. Many organizations that introduced Agile on a limited basis are now focused on scaling it to more of their organization by implementing the processes more deeply in existing projects, and expanding use of Agile methods to more teams and projects.

More insight:

Findings from VDC’s 2014 Software and System Development survey helped guide the above analysis. This year, over 500 engineers from a wide range of industries provided invaluable insight into their development and tooling plans, preferences, and pain-points. The full data set from this extensive, global end-user survey is provided to clients of VDC’s Software and System Lifecycle Technology and Engineering Trends Analysis reports. For further investigation and analysis about these trends, please see our most recent report, Agile and DevOps for Embedded Systems, which is available now. 

04/23/2014

Exploiting the Exploit: The Marketing of Heartbleed

No doubt anyone reading this post is already aware of the Heartbleed bug affecting OpenSSL implementations of the TLS Internet security protocol. Heartbleed has received massive press coverage –deservedly so given its potential implications for a significant portion of web sites and Internet-connected devices. We won’t belabor the technical details of the bug, which are summarized nicely at Heartbleed.com. What we will discuss is how Heartbleed has been publicized. To the best of our knowledge, Heartbleed is the first computer systems bug to have both its own website and its own logo, the cute bleeding heart. As such, Heartbleed sets a precedent that will have both positive and negative ramifications for future vulnerabilities and malware.

Heartbleed2The Heartbleed website and logo were developed by the Finnish company Codenomicon, which makes fuzz testing software and provides security test services. Although the bug, officially dubbed CVE-2014-0160, was independently discovered by Neel Mehta of Google and several engineers at Codenomicon, the latter company is the one that turned it into a household word. Even among the vast majority of the population who have no idea what OpenSSL is, people everywhere quickly found out that a major bug could compromise their Internet security. For that, Codenomicon deserves thanks.

In addition, the Internet industry commendably jumped into action, with some websites being patched even before the disclosure became public and many other sites within a few days. (Patches to potentially affected embedded devices may take years, but that’s another story, and the process by which certain firms got early notification of Heartbleed is yet another...)

Despite the cooperation of Internet powers in addressing Heartbleed, VDC sees several disconcerting implications in the way the bug CVE-2014-0160 became Heartbleed the logo.

First, Codenomicon undoubtedly got a huge boost in its profile by virtue of its role in publicizing Heartbleed. Therefore, we anticipate that other security firms will seek similar attention when they discover significant vulnerabilities. We wouldn’t be surprised if discoverers prepare websites and logos before they even disclose the bugs, then flip the switch to launch their sites instantly upon disclosure. That may again produce rapid, coordinated reaction to fix the problem, but it raises questions about possibly overstating the risks associated with lesser vulnerabilities in the name of garnering publicity.

The Heartbleed bug was a biggie, deserving of widespread attention, whereas most bugs are rather mundane. Flaunting them won’t quite constitute crying wolf in the absence of threat, but it may be the equivalent of crying wolf when there’s just a loose dog poking around among the sheep.

Second, prankster-level hackers could conceivably set up fake vulnerabilities web pages, causing temporary wastes of much effort and energy before being debunked. That’s the equivalent of yelling  “Fire!” in a crowded theater.

Third, and most egregious, would be malicious hackers who publicly announce a vulnerability (either real or fake) for the purpose of exploiting a different vulnerability while everyone is distracted with the first one. That’s yelling “Fire!” (or actually setting a fire) in the theater so they can rob a bank across town while the police and firemen are occupied. Password phishing email campaigns can already come in swift response to disclosure of real vulnerabilities. Now, we anticipate hackers coordinating both the disclosure and the phishing campaigns.

Sad to say, despite all the benefits of renewed examination of security protocols that will come out of the Heartbleed bug, there remain many who will seek to maximize their own gains by learning from the reactions of others.

03/12/2014

VDC Research is Attending EE Live! in San Jose

VDC Research will be attending the EE Live! conference and trade show (formerly known as the Design West Embedded Systems Conference) in San Jose, CA, April 1-3, 2014. Contact us to schedule a meeting!

While we are at the conference, we welcome the opportunity to meet with attending vendors to learn more about their embedded solutions and any show-related (or other recent) announcements. You can arrange a meeting time with VDC analysts by contacting us directly.

For Hardware-related meetings: Contact Chris Rommel, Executive Vice President, M2M Embedded Technology Practice, VDC Research Group at: crommel@vdcresearch.com or 508.653.9000 x123.

For Software-related meetings: Contact Steve Hoffenberg, Director, M2M Embedded Software & Tools, VDC Research Group at: shoffenberg@vdcresearch.com or 508.653.9000 x143.

Haven't decided yet if you're attending the event? Please check out the EE Live! website for more information on the conference program as well as information on all of the companies that will be exhibiting.

02/21/2014

Is this a run on static analysis?

The static analysis solutions market is one of the most dynamic segments VDC’s embedded software team currently tracks. While still a relatively young and evolving technology, static analysis has rapidly become a standard -- perhaps even necessary -- element of the software development lifecycle. Software is emerging as the primary agent for differentiation and resource investment for more companies as they try to speed the delivery of innovative new solutions. The development of increasingly complex software needed for these devices and systems is accelerating growth of code quality and security issues that static analysis is designed to address. In parallel, there is a growing awareness of the potentially catastrophic impact of software failure. As a result, we expect static analysis tools to generate revenue growth exceeding many other tooling segments.

“Strong forecasted growth and the presence of several profitable, small, and privately owned companies among market leaders make the segment (static analysis) ripe for mergers and acquisitions.”  - VDC Research, Stategic Insights 2013, The Global Market for Automated Testing and Verification Tools

Earlier this week Synopsys, a prominent supplier of electronic design automation and semiconductor IP solutions, announced it reached an agreement to purchase Coverity for approximately $375M (US).

The news is compelling for several reasons. Code analysis offerings of Coverity represent a logical expansion of the existing Synopsys portfolio into an adjacent technology area. The acquisition of Coverity would provide Synopsys with the leading vendor share position in the static analysis tool market, a segment expanding at a compound annual growth rate greater than 15%. Furthermore, the combined sales teams and existing customer bases should provide excellent opportunities for both Coverity and Synopsys to increase sales into new realms, primarily the semiconductor and ISV markets, respectively.

The Coverity acquisition by Synopsys should not be viewed in isolation. There was another acquisition of a leading code analysis supplier in January, when Rogue Wave Software purchased Klocwork. We see the opportunity for many of the same synergistic benefits to the Klocwork/Rogue Wave integration as in the Synopsys/Coverity combination. It will be interesting to see if these recent acquistions provide the necessary impetus for more potential suitors to buy one of the remaining independent static analysis tool suppliers.

 

Recent Posts

VDC Research is attending Agile2014 in Orlando July 28-29

VDC Embedded Jama Software Webinar

IoT Necessitates Changes in Both People and Technology

PTC Acquires Atego, Broadens ALM Support for Product Development

eBay Response to Data Breach Shows the Company Still Doesn’t Get It

VDC Research is Attending IBM Innovate2014 in Orlando

Agile in Embedded: Slow to Adopt, Fast to Spread

Exploiting the Exploit: The Marketing of Heartbleed

VDC Research is Attending EE Live! in San Jose

Is this a run on static analysis?


Related Posts Plugin for WordPress, Blogger...