

QNX Ex-Owner Harman International Acquires Red Bend Software


Harman International is best known as an audio electronics maker, owning numerous brand names targeting consumers and professionals, including AKG, Crown, dbx, Harman Kardon, Infinity, JBL, Lexicon, Mark Levinson, and Revel. As old-school “car stereos” have evolved in recent years into multifunction “infotainment systems,” Harman has also become a major player in automotive electronics.

On January 22, Harman announced its acquisition for $170 million of Red Bend Software, which is the leading provider of software and services for Firmware Over The Air (FOTA) updating for mobile devices and automobiles. (See press release here.) Harman simultaneously announced its acquisition of software services firm Symphony Teleca, although Red Bend has more interesting implications for IoT.

Back in 2004, Harman had acquired for $138 million QNX Software Systems, developer of the real-time operating system QNX Neutrino, as well as a number of other embedded software solutions which have since become especially popular in the automotive market. Fast forward to 2010 when Harman sold off QNX for $200 million to Research In Motion (RIM, since re-named Blackberry Limited for its line of mobile phones). At the time, Harman said about its sale of QNX, “This move allows Harman to continue its relationship with QNX and the advanced software solutions it provides to Harman and our customers. At the same time, this deal achieves value for all stakeholders and is an important step in a new strengthened relationship with RIM.”

Perhaps Harman’s sale of QNX was influenced by economic conditions during the Great Recession, but it leads us back to Harman’s acquisition of Red Bend, and it raises a few questions:

  • Would Harman have been able to leverage synergy between Red Bend and QNX in the automotive market if it had retained ownership of both? If not, why not? If so, might the value of such synergy have outweighed the gains realized by selling QNX?

  • What value does Harman now see in Red Bend that it no longer saw in QNX?

  • Considering that much of Red Bend’s current business is in the mobile phone industry, does Harman view Red Bend as a stepping stone into that market?

  • What would it take for Harman to believe that a potential future sale of Red Bend might “achieve value” for stakeholders and produce “a new strengthened relationship”?

We’ll leave these questions for readers to ponder for themselves.


Is this a run on static analysis?

The static analysis solutions market is one of the most dynamic segments VDC’s embedded software team currently tracks. While still a relatively young and evolving technology, static analysis has rapidly become a standard -- perhaps even necessary -- element of the software development lifecycle. Software is emerging as the primary agent for differentiation and resource investment for more companies as they try to speed the delivery of innovative new solutions. The development of increasingly complex software needed for these devices and systems is accelerating growth of code quality and security issues that static analysis is designed to address. In parallel, there is a growing awareness of the potentially catastrophic impact of software failure. As a result, we expect static analysis tools to generate revenue growth exceeding many other tooling segments.

“Strong forecasted growth and the presence of several profitable, small, and privately owned companies among market leaders make the segment (static analysis) ripe for mergers and acquisitions.”  - VDC Research, Strategic Insights 2013, The Global Market for Automated Testing and Verification Tools

Earlier this week Synopsys, a prominent supplier of electronic design automation and semiconductor IP solutions, announced it reached an agreement to purchase Coverity for approximately $375M (US).

The news is compelling for several reasons. Code analysis offerings of Coverity represent a logical expansion of the existing Synopsys portfolio into an adjacent technology area. The acquisition of Coverity would provide Synopsys with the leading vendor share position in the static analysis tool market, a segment expanding at a compound annual growth rate greater than 15%. Furthermore, the combined sales teams and existing customer bases should provide excellent opportunities for both Coverity and Synopsys to increase sales into new realms, primarily the semiconductor and ISV markets, respectively.

The Coverity acquisition by Synopsys should not be viewed in isolation. There was another acquisition of a leading code analysis supplier in January, when Rogue Wave Software purchased Klocwork. We see the opportunity for many of the same synergistic benefits to the Klocwork/Rogue Wave integration as in the Synopsys/Coverity combination. It will be interesting to see if these recent acquisitions provide the necessary impetus for more potential suitors to buy one of the remaining independent static analysis tool suppliers.


Trusteer Your Security to IBM: Acquisition Fortifies Security Portfolio

On August 15th, IBM (NYSE:IBM) announced it reached a deal to acquire Trusteer, a Boston-based software-security firm focusing on financial and enterprise cyberthreats. As part of the deal, IBM will absorb Trusteer’s R&D lab in Tel Aviv into its security organization. One major focal point for Trusteer is their mobile security product line, which focuses on preventing intrusion and data theft through enterprise-connected mobile devices.

Smartphones and tablets are becoming integral tools for large and small businesses alike. Mobile devices – like an iPhone equipped with the SalesForce app – are a huge benefit to employees and their employer by allowing them to work remotely and efficiently while away from the office, but these devices also introduce a new set of vulnerabilities into an organization’s security. Our data shows that a large number of these devices have exploitable security flaws that leave sensitive enterprise data vulnerable. A mobile device connected to an enterprise’s network provides a link into the organization that many aren’t adequately protecting.

This acquisition reinforces two key trends: security is an increasingly important factor for all organizations and more needs to be done to protect valuable data from theft. As the number of end-points an organization deals with increases, so does the risk for a security breach. IBM recognizes this and plans to use the Trusteer acquisition to improve its enterprise security products, but the same principles hold true in the embedded industry.

The embedded world is more connected than ever before and this trend continues to grow. Thinking back to famous malware threats such as Stuxnet infiltrating networked manufacturing platforms, it’s clear that inadequate protection of these systems is a major vulnerability to users of embedded software and hardware. Purchasing Trusteer highlights a developing industry trend: end-point protection is becoming a new priority for businesses, embedded or enterprise, in order to keep cyberthreats from harming their operations.

For more information on VDC’s research about security in the embedded industry, click here.


By Zach D. McCabe,

Research Assistant, M2M & Embedded Technology


Agile2013: VDC Research is heading to Nashville - Music City!

The M2M Embedded Software team is excited to be heading to Nashville to attend Agile2013 (#agile2013). The growing adoption of Agile methodologies is one of the most important developments in the software lifecycle management solution market since VDC started covering it in 2000.

Despite origins in the enterprise/IT software development world, iterative software development methods have also taken hold in the embedded market. In fact, nearly 50% of embedded engineers we surveyed in 2012 used Agile and Iterative methods.

As embedded systems continue to evolve, organizations still relying on traditional development methodologies are struggling to keep pace with their software content creation demands. Many of these OEMs are accustomed to the traditional, serial development workflows especially common within safety-critical application classes. However, updates to several software standards, such as DO-178C, have provided the embedded industry with better clarification and more guidelines around the new development techniques. As a result of these pressures and advances, we expect iterative development methodologies will continue to gain new adherents in the embedded market.


Hope to see you there

If you want to learn about the latest Agile approaches, methods, technologies, tools, leadership principles, management philosophies and processes, we hope you will attend Agile2013. Also, please check out some of our free research on Agile, DevOps, and software development tools.

Contact us ASAP to schedule a meeting

VDC will be attending the Agile2013 conference Monday, August 5th and Tuesday, August 6th.

Contact André Girard, Sr. Analyst, M2M Embedded Software & Tools at:

agirard@vdcresearch.com or 508.653.9000 x153.

We look forward to seeing you at the show!



VDC Research is the leading M2M market intelligence firm that provides engineering leaders and technology suppliers with research-driven insights to help guide their product development and technology strategies. For over two decades, VDC Research has been conducting research and analysis of the global M2M market. Born out of its embedded engineering research practice, VDC Research surveys and interacts with thousands of engineers from all vertical markets including industrial automation, retail, manufacturing and medical devices, to gain insight into their project requirements, solution selection criteria, preferences and trends. 

Based on a unique blend of quantitative and qualitative analysis that offer granularity and breadth of coverage, VDC is organized around four practice areas, each with its own focused area of coverage. Together, they enable a unique 360-degree perspective of the opportunities and challenges resulting from The Internet of Things and M2M.

For more information visit: www.vdcresearch.com


The Embedded Software Beat

Part two of a Q&A with Matt Klassen, Director of Product and Solutions Marketing at PTC. (See part one)

This interview is part of an ongoing series we conduct with embedded software solution providers to share views on their company, products, and state of the market.

VDC:  When PTC acquired MKS, James Heppelmann, president and CEO of PTC said, “Software engineering has become a fundamental backbone element in today’s product development process.” Indeed, embedded systems continue to grow in complexity and software is defining an ever greater portion of end product value. Given that environment, can you tell us a bit about how the combination of Integrity with PTC’s PLM solutions is addressing some of the challenges facing manufacturers today?

Klassen: PTC is addressing many software intensive product manufacturing challenges head on.  Integrity allows engineers to author, connect, and manage a wide range of development artifacts from requirements to design to code and test. Furthermore, Integrity offers unprecedented reuse and traceability providing efficient change management, even across product variants. This gives management a real-time view of software release readiness in the context of the product engineering cycle.  When used in combination with Windchill, Integrity extends PLM to include robust requirements management, software management, and crossed discipline change management.

VDC: Has the acquisition resulted in new markets or opportunities for the Integrity solution than was available under MKS?

Klassen: PTC gave Integrity global reach and with a loyal customer base. Integrity has been introduced to a host of new customers that have invested heavily in our ALM technology. These customers include HKMC, Huawei, Cummins, John Deere, and Ingersoll Rand to name a few.

VDC: We’re seeing Agile software development methodologies gain broader acceptance across a range of embedded verticals. How does a solution like Integrity help support a transition to iterative development?

Klassen: PTC Integrity ensures a smooth transition to iterative and agile methodologies by providing a flexible scalable Scrum based template that allows enterprises to use traditional, agile or hybrid methods across a distributed set of teams. In addition, Integrity’s support for regulatory compliance standards and ability to reuse requirements, test and code in an Agile environment is unique.

VDC: If you could accurately predict the future, how do you see the opportunities for the embedded software market shaping up over the coming year?

Klassen: The embedded software market will only continue to grow its products to become smart systems of systems.  As companies realize that it is more profitable to transform their products into services, software will enable and deliver the continuous stream of value to products already in the market such that servicing, fixing, upgrading and even offering new features will become much more efficient, less expensive and provide longer life expectancies for many products.  Companies that are able to manage the explosive growth of software efficiently and effectively in the context of the product lifecycle will thrive.  PTC’s strategy is very focused on this market force.

VDC: Thank you, Mark.

Interested in participating in VDC’s “The Embedded Software Beat” series of interviews? Please reach out and let us know.

Matt Klassen is passionate about helping customers improve the way they build software intensive products and has been helping organizations excel with software for 20 years. In his role as Director of ALM Solutions Marketing, Mr. Klassen is responsible for leading the effort to define, market, and sell PTC software and systems engineering management solutions built on PTC Integrity. With many years working with customers on their complex software systems, Matt has the in-depth knowledge to understand customer challenges across the software development lifecycle in many industries including medical devices, automotive, aerospace, and high tech electronics. Matt has been a featured speaker at many conferences and events.



IBM Bolsters DevOps Support with UrbanCode Acquisition

On Monday, IBM announced the acquisition of UrbanCode, a provider of software delivery automation solutions. UrbanCode’s continuous release and deployment tools will be integrated into the IBM Rational portfolio to bolster their DevOps capabilities.              

“…software is eating the world.” – Marc Andreessen

Software has emerged as the primary agent for differentiation for a growing number of companies. It is defining a greater portion of end-value for organizations’ solutions, but also consuming an ever-larger share of their development costs. Many of these companies have re-evaluated their processes and adopted Agile methodologies to help speed software development. Our findings suggest this has helped. In VDC’s 2012 software and system developer survey, engineers using Agile were more likely to be ahead of schedule on their current project, despite code bases three times as large as those not using iterative methods.

“Companies that master effective software development and delivery in rapidly changing environments such as cloud, mobile and social will have a significant competitive advantage,” - Kristof Kloeckner, general manager, IBM Rational Software.

Unfortunately, Agile methodologies only address software development. Just increasing the pace of software design can place considerable strain on an organization and result in bottlenecks elsewhere in the development lifecycle. To move in the right direction, development and operations need to operate at the same velocity. This is where incorporating UrbanCode Application Release Automation should provide synergy. By automating much of the testing and deployment processes, organizations can speed up the operations side of their business to match the pace of Agile software development.

Integration of the UrbanCode offerings into IBM Rational’s portfolio represents a valuable extension of their DevOps implementation support. We expect much of the initial market traction to come from enterprise applications. However, with the volume of embedded software code continuing to grow while project timelines shrink, this approach will increasingly resonate in several embedded industries.

More insight

For further investigation and discussion about Agile development, DevOps and other important shifts in systems lifecycle management, please see our 2012 Software & Systems Lifecycle Management Tools Market Intelligence Service. 


Can Ubuntu Make a Splash in Mobile?

The start of the new year kicked off with an announcement that another open source mobile operating system will be coming to market… but this one is truly unique. The provider of one of the most popular Linux-based desktop operating systems, Canonical, recently announced a distinctive smartphone interface for its Ubuntu operating system. Aside from Android, open source platforms have had a checkered history with limited success in the smartphone environment (e.g. Openmoko, LiMo, MeeGo, webOS). Ubuntu faces much uncertainty with many challenges ahead, but its unique positioning and appeal could help it shine in an increasingly competitive and crowded market.

One of the primary goals of Canonical is to provide a unified family of interfaces for phone, PC and television devices utilizing the Ubuntu OS. Best-suited for high-end multicore “superphones,” the Ubuntu phone OS delivers a rich graphical touch interface with a full PC experience when docked with a monitor, keyboard and mouse. Canonical is also providing a free variant of Ubuntu designed to run on Android phones to immediately enter the mobile market. The OS will support web-based HTML5 and native applications.

Ubuntu has a lot of things going for it that past open source OSs did not. First and foremost, Canonical has been very successful in growing Ubuntu’s presence in enterprise desktops and server platforms across the world since its launch in 2004. The company amassed plenty of experience hosting cloud-based services and app stores, a major obstacle for new entrants to the mobile space, and developed a global market presence through leveraging partnerships with leading PC OEMs including ASUS, Dell, HP and Lenovo. Additionally, application support will be bolstered by Ubuntu’s considerable following of desktop developers and a Webkit made available by Canonical to help migrate applications from the desktop platform.

Though no open source platforms have been able to measure up to Android’s success in the smartphone arena, many network operators and OEMs would like to have an alternative available. They have recognized that the growing duopoly between Apple’s iOS and Google’s Android in the market could stifle innovation and give them too much power over industry participants and users themselves. Furthermore, an alternative operating system, like Ubuntu, could help carriers and manufacturers gain a more substantive relationship with smartphone buyers by adding their own branded offerings.

However, Ubuntu faces numerous obstacles in its quest to make a splash in the smartphone OS market. The two biggest concerns, intensely growing competition and a lack of handset provider support, permeate the market for mobile operating system providers. The market already accommodates two huge platforms (Android and iOS) and two others with aspirations of greatness (Windows Phone and Blackberry), and that’s just at the top. By the time the first Ubuntu-based handset comes to market at the end of 2013 (earliest), the next versions of Android and iOS will have been deployed, Blackberry 10 will have finally arrived and Microsoft will soon be updating its own mobile software. Also, Canonical has yet to disclose any commitments by operators or handset manufacturers to support the Ubuntu operating system and few big-name “superphone” OEMs are likely to be willing to risk a high-profile launch with an unproven mobile OS.

A lot will change in the landscape in the time leading up to Ubuntu’s eventual mobile debut. The OS contains some very innovative and inspiring design ideas, and Canonical boasts unique core strengths that make their operating system truly different from any other open source OS that has crossed the mobile environment. The new OS will have the opportunity to be a significant player in emerging markets, as well as with people already committed to open source. Though more competition would force the pace of innovation to increase, Google and Apple will be hard-pressed to relinquish any market share and will continue to add to and enhance their own platforms in a bid to stay relevant. Demand for an Ubuntu-like platform exists; it’s just a matter of getting past the crowd at the door.


VDC’s Top 12 of 2012 – Part 2

In case you missed it, I unveiled the first half of our list on Monday. A brief review (see Monday’s post for more details), and then on to the top 6!

12. GrammaTech introduces architecture visualization system for CodeSonar (March 27th)

11. LDRA forms LDRA Certification Services (March 26th)

10. Enea joins the embedded Linux party (March 27th)

8 and 9. Siemens and PTC expand their lifecycle management coverage through acquisitions (Siemens/LMS International: November 8th, PTC/Servigistics: August 8th)

7. General Dynamics acquires OK Labs (September 11th)

6. Thales acquires SYSGO (November 15th)

SYSGO joins the list of leading embedded/real-time operating systems vendors (Wind River, MontaVista Software, and QNX Software Systems) that have been acquired since the middle of 2009. As SYSGO’s VP of Marketing Jacques Brygier told our blog earlier this month, “SYSGO remains the same with just more financial backup to move forward. The company keeps its identity, management team, full staff, and offices. It is Thales’ willingness to let SYSGO decide its own growth strategy, including the choice of market segments Thales is not involved with.” We are not sure that Wind River and Green Hills Software are worried just yet, but if Thales holds true to this strategy for its new subsidiary, the competition could start heating up.

5. IBM announces Rational Engineering Lifecycle Manager (September 5th)

As software continues to play a greater role in providing product differentiation and innovation, the convergence of ALM and PLM has become a particularly hot topic and an important business opportunity. RELM is the key element of IBM’s cross-domain integration strategy, and is designed to help engineering teams visualize, analyze, and organize engineering data and their relationships.

4. Coverity launches the Coverity Security Research Laboratory (January 24th)

If I had to pick one main theme that best defined 2012, it would be security. The Internet of Things phenomenon has pushed the concept of security to the forefront of consumers’ minds, and as a result the engineering community has become increasingly focused on building security into their devices. To that end, Coverity launched its Security Research Laboratory (SRL), which is dedicated to vulnerability research and the discovery of new and existing defects in software code. SRL includes a wide range of security experts from industry and academia.

3. Oracle releases two new Java Embedded products (September 25th)

As I wrote in September, survey data over the last several years has uncovered a surge in the use of Java in embedded designs. Oracle’s release of Java ME Embedded 3.2 and Java Embedded Suite 7.0 is indicative of the company’s recognition of this trend and its intent to aggressively target embedded developers. Also considering the momentum behind the Java-based Android platform, it certainly seems that 2013 may be the year of Java in embedded.

2. Microsoft unveils Windows Embedded roadmap (November 14th)

The release of Windows 8, new Windows phones, and the Surface tablet brought with it a great deal of speculation around the future of Microsoft’s various Windows Embedded platforms. In mid-November, Microsoft finally revealed their plans, which, not surprisingly, included yet another naming convention change. A few highlights:

  • Windows Embedded Standard 7 will become Windows Embedded 8 Standard (GA: March)
  • Windows Embedded Enterprise will become Windows Embedded 8 Professional (GA: March)
  • Windows Embedded POSReady will become Windows Embedded 8 Industry (CTP: January)
  • Windows Embedded Compact 7 will become Windows Embedded Compact 2013 (GA: Q2 '13)
  • More details on Windows Embedded 8 Handheld and Windows Embedded 8 Automotive are expected to be released early next year.

1. Intel rolls out the Intelligent Systems Framework (September 11th)

Intel continued its heavy push into embedded at the Intel Developer Forum this past September, when it announced the Intelligent Systems Framework (ISF). Another announcement driven by the Internet of Things phenomenon, ISF is a broad specification for intelligent devices in a wide range of industries, from medical and industrial to digital signage and home automation. The framework is “designed to address connecting, managing, and securing devices and data in a consistent and scalable manner,” and includes hardware, operating systems, tools, and other software components.

There are two key reasons ISF earned the top spot in our rankings. First is the impressive list of companies that have pledged their support, which includes Advantech, Arrow Electronics, Avnet, Dell, Digi International, Eurotech, Kontron, and of course Intel subsidiaries McAfee and Wind River. The second – and perhaps more important – reason is simply the attention it has received. People are talking about it. People want to know more about it. In the short time since its release, we have fielded numerous calls from various industry participants looking to discuss ISF and how it may impact the industry moving forward. For those reasons, we believe Intel’s Intelligent Systems Framework was the most significant/noteworthy embedded software announcement of 2012.

- - - - - - - -


So that’s our list. And though we checked it twice, I am sure you all might have seen things a little bit differently in 2012. So if you’d like to dispute our rankings, point out something that didn’t make the list at all, or even shower us with praise, we would love to hear from you in the comments section.

Here’s looking forward to even more game-changing innovations for embedded in 2013 and beyond!


VDC’s Top 12 of 2012 – Part 1

The end of the year is always a great time for reflection, for thinking about everything that happened throughout the year and what it all means. It is also a great time for making lists: Christmas lists, New Year’s resolutions, and Best Ofs. I won’t get into my New Year’s resolutions here, but I will take a few moments to highlight (and rank, just for fun) the most significant embedded software announcements of the past year.

So, without further ado, here is our take on the best of 2012!


12. GrammaTech introduces architecture visualization system for CodeSonar (March 27th)

This system is designed to optimize the visual inspection and analysis of software through a sophisticated new interface for viewing the relationships between software program elements. Built to handle very large code bases, we believe this product represents a unique solution that has the ability to materially impact the way developers test and analyze their source code. CodeSonar visualization runs through a browser such as Internet Explorer, Firefox, or Chrome.

11. LDRA forms LDRA Certification Services (March 26th)

Attaining safety-critical certifications has long been a time-consuming and laborious task for embedded developers. In response to this challenge, LDRA formed a separate division of the company (staffed by credentialed industry experts) dedicated to facilitating the certification process for various FAA/EASA regulations. LDRA addresses the following standards: Aircraft & Systems Development (ARP-4754A), Safety Assessment (ARP-4761), Integrated Modular Avionics (DO-297), Flight Electronic Hardware (DO-254), Flight Software (DO-178B/C), and Ground Systems (DO-278/A).

10. Enea joins the embedded Linux party (March 27th)

This was a bit of an about-face for Enea, which had previously supported embedded Linux development through its services arm and reseller agreements with Linux vendors such as TimeSys. Enea Linux – which is intended to target next-generation networking infrastructure equipment – is a Yocto-based distribution available with customized services and support. This came on the heels of the release of another new commercial distribution, Mentor Embedded Linux (Mentor Graphics). The question for both Enea and Mentor, of course, is whether or not “late to the party” is good enough.

8 and 9. Siemens and PTC expand their lifecycle management coverage through acquisitions (Siemens/LMS International: November 8th, PTC/Servigistics: August 8th)

The complexity of today’s projects is increasing the dependence of each engineering discipline on the functionality of the other disciplines. The lines between software, electrical, and mechanical engineering have started to blur, necessitating a higher frequency of communication and coordination between these once separate groups. These acquisitions are further evidence that the concept of developing a cross-domain approach to providing solutions to this market has been one of the main overarching themes of 2012.

Siemens’ acquisition of LMS International will allow the company to extend their systems driven product development support through integrated test management, while Servigistics’ presence in PTC’s portfolio will enable PTC to better help its customers service their products under development.

7. General Dynamics acquires OK Labs (September 11th)

According to GD, OK Labs will deploy its OKL4 Microvisor in secure mobile devices (for civilian, government, and military use) and automotive in-vehicle infotainment systems as part of the GD Broadband business unit – presumably within both internal and commercial opportunities. But will commercial opportunities actually be there? For years, suppliers of mobile hypervisors have struggled to effectively communicate the value proposition of their solutions. As a result, revenues never really scaled and leading vendors struggled to realize significant growth. In the case of OK Labs, this ultimately resulted in acquisition. Given the historical difficulties in monetizing mobile virtualization, we believe it may be only a matter of time before GD completely internalizes the use of OKL4 technology.

Part 2 on Wednesday!

Come back on Wednesday for the second half of this list, including our pick for the top announcement of the year!


The Embedded Software Beat

A Q&A with Paul Anderson, VP of Engineering, GrammaTech

This interview is the third in a series that we look to conduct during the course of 2012 with embedded software solution providers to share their views on their company, products, and state of the market.

VDC: GrammaTech has been in the source code analysis business for over 20 years; can you briefly introduce the company to our readers?


Anderson: We were founded as a spin-off from Cornell University to commercialize the results of research into interactive development environments. Since then we have done a lot of research into software analysis and manipulation. For the last five years or so our main product has been an advanced static analysis tool for C/C++. It does a whole-program path-sensitive analysis to find serious programming defects such as buffer overruns. We sell it mostly to companies doing embedded safety-critical work, but also to those doing serious security analysis.

VDC: What are the challenges engineers face today in designing and developing embedded devices and how are embedded software suppliers responding?

Anderson: For years we have been able to rely on increased clock speeds and integration to get better performance. That trend is running out of steam, so chip designers have turned to multiple cores to improve throughput. The problem is that developers usually need to rewrite their code to take maximum advantage of the potential. Writing efficient concurrent code requires new skills, and this introduces the risk of entirely new classes of programming defect such as deadlocks and data races. These are usually very difficult to detect and diagnose because they are highly sensitive to minute differences in timing. Dynamic analysis tools are beginning to emerge that can help with detection and diagnosis, and static-analysis tools can be used to prevent them from being introduced in the first place.

VDC: You recently announced CodeSonar for Java. Can you briefly describe this product and talk a little bit about the use of Java in embedded systems today?

Anderson: Java is a much more civilized language than C/C++ — a bug like a buffer overrun in C is potentially disastrous because it corrupts the memory in unpredictable ways, but the same bug in Java will trigger a well-defined exception that can be handled in a controlled manner. On the other hand Java programmers make much heavier use of general-purpose APIs and frameworks and it is possible to introduce bugs by misusing these. Consequently for Java there is less need for the sophisticated and expensive analysis needed for C programs. Our first version of the Java product does a fairly lightweight analysis, but the results are still managed through the same web-based user interface used for the C/C++ product.

In embedded systems development C is usually used for the embedded processors themselves, and Java (or other languages like C#) is most often used for the non-safety- or performance-critical components such as the desktop or handheld computers used to manage the devices.

Of course Java is the language primarily used for Android development for devices such as mobile phones and tablets, but such development has more in common with traditional data processing or UI programming than embedded programming.

It would be great if there were more of a move towards Java for real-time embedded, and there are some very good tools available, but it does not appear to be happening very fast. C and C++ will be with us for the foreseeable future.

VDC: Device security, which has long been an area of expertise for GrammaTech, has become a very buzzworthy topic in recent months. What are some of the vulnerabilities and other security issues that engineers need to guard against as they seek to develop secure devices in this increasingly connected world?

Anderson: Researchers have demonstrated that it is relatively easy to take control of many embedded devices. I recently saw a presentation that showed a successful attack on the control computer of an automobile that was launched by inserting an infected disk into the CD player. The attack surface of many devices is growing rapidly because of market demands for increasing connectivity. Nobody should assume that their devices are unlikely to be targets of attacks. Hackers can be incredibly creative at finding ways to exploit vulnerabilities for their own ends.

Consequently it is becoming clear that all embedded developers must be aware of security risks and that they should program to avoid them. Fortunately there are lots of publicly-available resources to help programmers understand security vulnerabilities.  For example, the CWE/SANS Top 25 lists the most notorious programming defects that can lead to exploitations.

After getting educated and adopting the appropriate tools, the most important thing that developers can do is to cultivate the correct mindset. They should assume that their software will be scrutinized for vulnerabilities by extremely talented and determined adversaries, and program accordingly. It is most critical to pay attention to the interfaces between systems as this is where most weaknesses lurk.

VDC: GrammaTech is also heavily involved in cutting-edge research.  What can you tell us about some of your recent or ongoing research efforts?

Anderson: We work on various program analysis tools and techniques including static and dynamic analysis for both source code and object code, with applications in software assurance, security and protection. One project is aimed at protecting users from potentially malicious code by monitoring it during execution and preventing it from doing harm. A related project combines static and dynamic techniques to do a sort of intelligent fuzzing to automatically generate test cases that yield very high code coverage.

VDC: If you were to take a look into your crystal ball, how do you see the opportunities for the embedded software market shaping up as we head toward 2013?

Anderson: I have already mentioned two major trends: concurrency and security; demand for tools to help with these aspects of development will probably increase. The use of Eclipse — the open-source IDE — is growing rapidly; it has been the dominant IDE for Java for years, and support for C/C++ is now mature. It integrates tightly with debuggers, profilers, version control systems, and other tools so it can boost programmer productivity enormously. I would expect tool-chain vendors to improve their integration with Eclipse to take advantage of this great resource.

VDC: Thank you Paul.

Interested in participating in VDC’s “The Embedded Software Beat” series of interviews? Please reach out and let us know.

Paul Anderson is VP of Engineering at GrammaTech. He received his B.Sc. from Kings College, University of London and his Ph.D. in computer science from City University London. Paul manages GrammaTech's engineering team and is the architect of the company's static-analysis tools. He has helped a wide variety of organizations, including NASA, the FDA, the FAA, MITRE, Draper Laboratory, GE, Lockheed Martin, and Boeing, apply automated code analysis to critical projects. Paul has worked in the software industry for 16 years, with most of his experience focused on developing static-analysis, automated-testing, and program-transformation tools. A significant portion of his work has involved applying program analysis to improve security. His research on static analysis tools and techniques has been reported in numerous articles, journal publications, book chapters, and international conferences.