5 posts categorized "Internet of Things"

07/21/2014

VDC Embedded Jama Software Webinar

How to Understand Requirements Management to Develop and Deliver Faster

For Embedded Systems Developers, Time to Market is Critical. Learn the No. 1 Strategy to Develop and Deliver Faster.

During this free webinar on Wednesday, July 23 at 1:00pm ET / 10:00am PT, VDC Research analyst André Girard and Jama Software co-founder Derwyn Harris will present on the growing necessity for requirements management (RM) tools in the face of today’s increasingly complex code bases, distributed development teams, and stricter budgets.

OEMs are facing constant pressure for innovation even with tight budgets, and they are dedicating more of their resources towards software development. Despite the importance of well-written requirements in the software development lifecycle, usage rates of RM tools are still dangerously low, with only 23% of embedded engineers polled by VDC in 2014 indicating they were using a formal RM solution on their current project. To meet demands for an accelerated pace of software content creation, developers will need to better utilize RM tools to monitor and manage the development lifecycle from beginning to end.

This webinar will explore: 

  • How has the software development process changed? 
  • What challenges are OEMs facing today? 
  • How do RM tools help deal with these challenges? 
  • How can RM tools save time and money for OEMs?

Tune in to this webinar to learn the answer to these questions and more. Those who register for this webinar will also receive a free copy of VDC Research’s report, “Pinching Pennies on Requirements Management is Too Costly”, by André Girard.

Click here to register for the webinar. To learn more about the research and products offered by VDC Research’s Embedded Software & Tools practice, click here.

 

Patrick McGrath

Research Associate, VDC Research

06/18/2014

IoT Necessitates Changes in Both People and Technology

The requirements of the devices composing the Internet of Things are changing rapidly. The embedded market no longer consists of dedicated-purpose devices that may or may not be connected. Engineering organizations and deploying enterprises must now design scalable system topologies that can integrate new devices and adapt to the IoT’s evolution. While these next-generation systems are required to facilitate downstream device/node management as well as efficient upstream data transfer and analytics, they must also do so dynamically, allowing for more intelligence and flexibility in node role and workloads within sub-network architectures.

This recognition of a need for change in legacy technologies can already be seen in the shift in programming languages used by embedded engineers. In the past five years, the percentage of engineers using Java in the embedded market has more than doubled. Embedded industry stalwarts such as C will certainly maintain a substantial footprint going forward given the existing software assets and expertise at OEMs, but the results confirm that the market is rapidly looking to new and/or multi-language development to satisfy the requirements of next-generation projects.

Picture1

IoT Skill Set Gap Exacerbated by Existing Embedded Resource Gap

The existing embedded engineering resources unfortunately cannot keep pace with the IoT’s time-to-market and content creation requirements. Already this community has been struggling to meet the needs of pre-IoT development projects. Now, the industry is faced with a dynamic in which not only does it need more efficiency, but the existing population of embedded engineers also cannot scale organically to meet the new software content creation requirements. Today, there are just over 1 million embedded engineers globally, with only 35% of that community holding software engineering-specific primary roles. In order to adapt to the new IoT development demands and respond to this dearth of traditionally skilled resources, OEMs must look to new labor pools.

The global Java community, which is estimated to consist of approximately 9 million developers, offers an opportunity to draw upon an increasingly relevant labor and expertise pool. The value of traditional embedded engineering skill sets has already been partially devalued due to IoT system evolution. Now, knowledge of connectivity stacks and UI development often must be placed at a premium over skills such as footprint optimization. Furthermore, technology like Java’s virtual machines create an abstraction layer that can reduce hardware dependencies and the subsequent rework and optimization that would have previously required more traditional embedded firmware engineers. Despite the already rapid adoption of Java (by embedded standards), we believe that the impending blurring of the distinction between embedded and IT Java developers will reinforce the technology’s adoption and relevance going forward. The wide access to the existing ecosystem of Java tools and third-party software, combined with a growing embedded partner ecosystem spanning semiconductor/IP companies, tool, and hardware/system manufacturers will no doubt further reduce switching costs and any lingering reservations held within many embedded industries.

We will be exploring the business and technical impact of the IoT in a webcast tomorrow with Oracle:

Date: Thursday, June 19, 2014 

Time: 9:30 AM PDT, 12:30 PM EDT, 17:30 GMT

Join this webcast to learn about:

  • Driving both revenue opportunities and operational efficiencies for the IoT value chain
  • Leveraging Java to make devices more secure
  • How Java can help overcome resource gaps around intelligent connected devices
  • Suggestions on how to better manage fragmentation in embedded devices

Register here:

http://bit.ly/1oOuuS9

06/16/2014

PTC Acquires Atego, Broadens ALM Support for Product Development

What happened?

PTC (NASDAQ: PTC) announced today it has entered into a definitive agreement to acquire Atego, a leading developer of model-based systems and software engineering applications based in the UK, for $50 million in cash. The transaction is expected to be completed in PTC’s fiscal fourth-quarter 2014, which begins in July. According to PTC’s press release, Atego had approximately $20 million in revenue over the course of the past 12 months, and the company expects it will achieve approximately $5 million in revenue from Atego in PTC’s fiscal fourth-quarter 2014.

VDC’s View

Several recent acquisitions by PTC have targeted services lifecycle management (SLM). The combination of PTC’s SLM portfolio and their IOT capabilities through ThingsWorx provides an impressive depth and breadth of solutions for extending customer relationships post-deployment.

This newest addition of modeling tools from Atego strengthens PTC’s portfolio of product lifecycle management and application lifecycle management solutions and helps reinforce a systems engineering focus. Atego’s Model-Based Systems Engineering solutions connects requirements engineering, architecture modeling, physical product definition, and system verification functions.

Today’s smart, connected products depend on the tight integration of sophisticated components from multiple engineering domains, raising the value proposition of increased cross-discipline coordination and communication. The combination of Artisan Studio from Atego with their existing tooling portfolio enables PTC to offer solutions that help their customers increase efficiency and product standardization in embedded industries where increasingly connected products are created from systems of complex mechanical, electrical, and software systems.

Stay tuned here for further insight in the coming days.

VDC will be exploring these and other trends in greater depth within our upcoming Software & System Lifecycle Management Tools research program.  Please contact us for additional information.

 

By Patrick McGrath, (Research Assistant, M2M & Embedded Technology) and Andre' Girard (Senior Analysis, M2M & Embedded Software)

04/23/2014

Exploiting the Exploit: The Marketing of Heartbleed

No doubt anyone reading this post is already aware of the Heartbleed bug affecting OpenSSL implementations of the TLS Internet security protocol. Heartbleed has received massive press coverage –deservedly so given its potential implications for a significant portion of web sites and Internet-connected devices. We won’t belabor the technical details of the bug, which are summarized nicely at Heartbleed.com. What we will discuss is how Heartbleed has been publicized. To the best of our knowledge, Heartbleed is the first computer systems bug to have both its own website and its own logo, the cute bleeding heart. As such, Heartbleed sets a precedent that will have both positive and negative ramifications for future vulnerabilities and malware.

Heartbleed2The Heartbleed website and logo were developed by the Finnish company Codenomicon, which makes fuzz testing software and provides security test services. Although the bug, officially dubbed CVE-2014-0160, was independently discovered by Neel Mehta of Google and several engineers at Codenomicon, the latter company is the one that turned it into a household word. Even among the vast majority of the population who have no idea what OpenSSL is, people everywhere quickly found out that a major bug could compromise their Internet security. For that, Codenomicon deserves thanks.

In addition, the Internet industry commendably jumped into action, with some websites being patched even before the disclosure became public and many other sites within a few days. (Patches to potentially affected embedded devices may take years, but that’s another story, and the process by which certain firms got early notification of Heartbleed is yet another...)

Despite the cooperation of Internet powers in addressing Heartbleed, VDC sees several disconcerting implications in the way the bug CVE-2014-0160 became Heartbleed the logo.

First, Codenomicon undoubtedly got a huge boost in its profile by virtue of its role in publicizing Heartbleed. Therefore, we anticipate that other security firms will seek similar attention when they discover significant vulnerabilities. We wouldn’t be surprised if discoverers prepare websites and logos before they even disclose the bugs, then flip the switch to launch their sites instantly upon disclosure. That may again produce rapid, coordinated reaction to fix the problem, but it raises questions about possibly overstating the risks associated with lesser vulnerabilities in the name of garnering publicity.

The Heartbleed bug was a biggie, deserving of widespread attention, whereas most bugs are rather mundane. Flaunting them won’t quite constitute crying wolf in the absence of threat, but it may be the equivalent of crying wolf when there’s just a loose dog poking around among the sheep.

Second, prankster-level hackers could conceivably set up fake vulnerabilities web pages, causing temporary wastes of much effort and energy before being debunked. That’s the equivalent of yelling  “Fire!” in a crowded theater.

Third, and most egregious, would be malicious hackers who publicly announce a vulnerability (either real or fake) for the purpose of exploiting a different vulnerability while everyone is distracted with the first one. That’s yelling “Fire!” (or actually setting a fire) in the theater so they can rob a bank across town while the police and firemen are occupied. Password phishing email campaigns can already come in swift response to disclosure of real vulnerabilities. Now, we anticipate hackers coordinating both the disclosure and the phishing campaigns.

Sad to say, despite all the benefits of renewed examination of security protocols that will come out of the Heartbleed bug, there remain many who will seek to maximize their own gains by learning from the reactions of others.

12/10/2013

The AllJoyn Protocol: Does Its Openness Compromise Security?

On December 10, the Linux Foundation announced the formation of the AllSeen Alliance, an industry consortium that seeks to expand the Internet of Things in home and industry. Premier members include: Haier, LG Electronics, Panasonic, Qualcomm, Sharp, Silicon Image and TP-LINK, with more than a dozen additional community member companies.

The members plan to adopt an open-source peer-to-peer communications framework called AllJoyn, originally developed by Qualcomm Innovation Center and launched back in 2011. Qualcomm has now contributed AllJoyn to the Alliance. AllJoyn is hardware agnostic and can run on multiple popular OSs including Linux, Android, iOS, and various Windows desktop and embedded versions (despite the Alliance being announced by the Linux Foundation). You can find technical details of AllJoyn at www.alljoyn.org, so we won’t describe the protocol at length here.

AllJoyn enables devices to interact at the app-to-app level. The protocol handles much of the communication over ad hoc proximity networks, such as Bluetooth and Wi-Fi, with the ability to mix and match devices with different communications protocols, so that apps don’t have to deal with the lower level functions. Qualcomm’s early emphasis was to enable multi-player gaming across a variety of unlike devices, but the AllSeen Alliance seeks to foster adoption across a much broader range of devices in “the Internet of Everything.”

AllJoyn facilitates authentication and encrypted data transactions between devices. But how will AllJoyn prevent unintended devices from joining a group of devices given that the protocol was designed to make device discovery and connectivity as easy as possible?

In the case of Wi-Fi, assuming that the network is set up with proper Wi-Fi Protected Access (WPA), AllJoyn doesn’t make it any easier to gain access to the network without the security key, particularly if the network is set up to allow only whitelisted devices. For Bluetooth, a hacker within range (about 10 meters) conceivably could spoof the identity of a known device, to trick a user into accepting it into the network. In conventional Bluetooth communications, once devices are paired and connected, they could have free reign over numerous applications on each other. With AllJoyn, the protocol can be used to limit which apps can talk to each other on which device. In that sense, AllJoyn should actually increase the security of Bluetooth devices. When combined with encrypted communications, no security holes are obvious (although it’s best to assume that hackers will discover some).

In addition, AllJoyn devices are able to communicate with each other in the absence of any Internet connection, which in certain scenarios will eliminate entire realms of security risk.

VDC expects that the AllSeen Alliance will succeed in gaining acceptance of AllJoyn for consumer electronics and home control applications. But the very names AllSeen and AllJoyn imply a degree of openness that won’t inspire confidence among industrial and critical infrastructure users. The convenience advantages of AllJoyn probably won’t outweigh security concerns for those users.