127 posts categorized "Software Development Tools"


IoT Application Platforms – What Company Will Take the Next Bite?

Few areas of technology or business can match the current levels of interest and anticipation surrounding the internet of things (IoT). Embedded engineering organizations and enterprises alike are struggling to keep pace with the expected rate of IoT change. They are rapidly modifying their business plans to pursue new service revenue opportunities enabled by the IoT. But challenges from tighter time-to-market windows and project requirements that extend far beyond existing internal skill sets is yet again recasting the traditional software build-versus-buy calculation. More organizations now recognize the need for new third-party development and management platforms to help them jumpstart IoT application creation and monetization.

VDC Research initiated coverage of this dynamic segment with the recent publication of the IoT Application Development and Deployment Platform (ADDP) market report. The executive summary is available here. We forecast revenue from IoT ADDP solutions is forecast to expand at over 40% compound annual growth rate (CAGR) through 2016. As one might expect, this pace of revenue growth in the ADDP segment and the IoT at large has drawn the attention of larger software and system solution providers.

As part of PTC’s strategy to supply “closed-loop lifecycle management” for systems engineering, the company bought two of the leading ADDP suppliers. (See more on this strategy here) PTC acquired ThingWorx in December 2013 and Axeda in August 2014. In March 2015, IBM announced plans to invest $3 billion in a new 'Internet of Things' unit over the next four years. But the Amazon acquisition of 2lemetry, also in March 2015, demonstrates that interest in entering this sector is not be limited to organizations currently competing in the ALM or PLM solutions market.

  TakeOver1 sharks jpeg

As the IoT matures, more embedded devices and back-end enterprise systems will continue to be linked together over communication networks in order to provide differentiating and lucrative services. Companies viewing the rapidly expanding ADDP opportunity as an adjacent market will come from broad range of segments including providers of operating systems, semiconductors, telecommunication networks, computing hardware/modules, enterprise back-end systems, and other software solutions. Independent providers of IoT application platforms should plan for new competitors and potential suitors from a number of domains.

Stay tuned, we expect that more companies with deep pockets and expansive sales distribution will likely follow the lead of Amazon and PTC by entering the ADDP segment via acquisition in the next few years.


For more information, we invite you inquire about our research and download the executive summary of our IoT Application Development and Deployment Platform; it is available here.


Under Pressure: Your Embedded System Needs to Modernize Requirements Management (RM)

Recording of This Webinar from VDC Research and Jama Software is Now Available

 New variables continue to emerge, making software development in both the embedded/systems and enterprise/IT domains more complex – and in many ways, more similar. For instance, the requirement to design software in accordance with regulatory mandates, which is increasingly common in the embedded industries, now also extends into several segments of the enterprise, such as banking. Likewise, the Cloud and IoT are becoming more of a focal point for technology and innovation in both realms. This is driving an explosion in new software-focused business plans, devices, categories, and features, which are more closely tied to high-value corporate and consumer activities. The future of connected, intelligent products – while providing new opportunities – also raises the expectations for continued content delivery and functionality evolution.

As reliance on software to deliver value and differentiation increases, the amount and range of employees involved in the management of software creation is expanding. More organizational stakeholders, including many who may lack direct software development experience, now need direct insight into the software development lifecycle in both embedded and enterprise organizations. And with this expanding pool of software development stakeholders, it’s increasingly important to ensure the proper  processes and the right tooling – like a formal requirements management solution – are in place to help facilitate effective communication and collaboration through the full development lifecycle. Among other changes, it will be critical for these tools to provide socially collaborative features, to automatically link critical development data from other tools, and to present it in an easy-to-comprehend format for all development stakeholders.

With the Shift from Project- to Product-Based Software Design Approaches, IT Developers More Closely Resemble Their Embedded Peers.

New Picture

The embedded – enterprise/IT convergence also includes organizational strategies for software development teams. Many IT groups are now trying to move from a project-based approach for software delivery to one that defines products and organizes teams around them. This organizational structure more closely resembles the typical configuration in embedded or systems development teams. While significant differences remain in place, we also see that decisions around tooling, programming languages, and development methodologies show similar signs of convergence between the embedded and enterprise development markets. As IT organizations continue to evolve, they will have a greater need for system lifecycle management tools focused on optimizing iterative development methodologies with capabilities such as contextual collaboration, impact analysis, and decision tracking over a traditional focus on formal reviews or approvals and change management.


To hear more about this and other pressures facing developers that raise the importance of requirements management solutions, I encourage you to listen to our recent webinar with Jama Software

Click here to for the webinar recording. To learn more about the research and products offered by VDC Research’s IoT and Embedded Software Development practice, click here.


Where To Next For PTC After ColdLight Analytics Acquisition?

PTC logoAt this month’s LiveWorx event put on by PTC (formerly known as Parametric Technology Corp.), the news highlight was the company’s acquisition of IoT analytics firm ColdLight. (See press release here.) ColdLight’s Neuron software for cloud or on-premise datacenters applies machine learning technology to M2M and IoT data, automating predictive analytics tasks. The ColdLight acquisition was a logical extension to PTC’s prior acquisition of ThingWorx and Axeda in the IoT space.

At the front end of the product development process, PTC has assembled software offerings for product lifecycle management (Windchill), computer-aided design (Creo), application lifecycle management and systems engineering (Integrity). Combined with service lifecycle management and the IoT pieces, PTC has essentially created a set of end-to-end solutions for IoT product development and deployment. However, VDC believes that PTC could do more to fill out the middle of its end-to-end portfolio.

Design of embedded devices generally consists of three major areas: mechanical engineering, electronic engineering, and software development. PTC has the first and last of those well covered, but it offers little in the way of electronic engineering tools, save for electronic design automation software for circuit boards, acquired with the company OHIO Design Automation back in 2004 (and since integrated into Windchill).

There are many types of electronic hardware system development tools, and it may be challenging for PTC to dip another toe into that market without diving in completely. Nevertheless, VDC believes that one particular type of electronic design tool would dovetail nicely with PTC’s software development offerings without necessarily getting the company in over its head in electronic design:  virtual prototyping/simulation. Such tools enable the simulation of electronic hardware systems. Although virtual prototyping is often used by semiconductor makers to simulate the behavior of their own chips prior to fabrication, a growing market for virtual prototyping is as a tool for software developers to get a head start on their development work prior to the existence of physical prototypes of the electronic hardware.

PTC already offers mechanical/CAD simulation for Creo. An electronic hardware simulation tool could enable earlier software development for customers using PTC’s Integrity, acting as a bridge between hardware and software development.

Wherever PTC chooses to aim next, its acquisition days aren't over.


VDC Research is attending Embedded World 2015!

Contact us ASAP to schedule a meeting

VDC will be making the trip across the Atlantic again this year to visit the largest embedded technology tradeshow of the year, Embedded World in Nuremberg, Germany. Last year, the conference boasted 26,700 visitors and 856 exhibiting companies!.

While we are at the conference, we welcome the opportunity to meet with attending vendors to learn more about their embedded solutions and any show-related (or other recent) announcements.

You can arrange a meeting time with VDC by contacting us directly.

For meetings contact:

André Girard, Senior Analyst, IoT & Embedded Technology, agirard@vdcresearch.com, 508.653.9000 x153; or
Steve Hoffenberg, Director, IoT & Embedded Technology, shoffenberg@vdcresearch.com, 508.653.9000 x143.

Haven't decided if you're attending Embedded World yet?

Please check out the Embedded World website for more information on the conference program as well as information on all of the companies that will be exhibiting.

We look forward to seeing you at the show!


Where's The Action On Security Concerns?

Recognition of Software Security Issues Are High; Mitigation is Not

I read an interesting report from Spiceworks recently about mobile security actions by IT departments...or perhaps, lack of actions might be more accurate. The report, which is free to download, shows that nearly all IT professionals are worried about security risks affecting mobile devices supported by their company. However, this level of concern vastly outweighs the level of action their organizations have actually taken to lessen security threats.

This central finding, while disappointing, does not come as a surprise. Year after year, we see a persistent gap between awareness of software security importance and the steps taken to mitigate these issues. To help inform our analysis of the software and systems development market, VDC conducts an extensive end-user survey of global development community. In 2014, only 7.7% of embedded engineers surveyed considered security “not at all important” on their current project; just 2% of enterprise/IT developers felt the same way. Yet 22% of the respondents in embedded and 12% from enterprise report their organization has taken no actions in response to security requirements on their current project.

Picture3 - ATVT security

Need to Close the Awareness – Action Gap

The potential financial and safety impacts of software vulnerabilities have been clearly demonstrated by several recent and very public cases. Incidents, such as those exposing customer data from major retailers and software-related automotive recalls can dominate news cycles, damage brand equity, and more importantly - risk lives.

A growing reliance on software for embedded device functionality and to manage financial data has raised the importance of actively addressing security considerations during software design. Unfortunately, the velocity of software innovation is outpacing the application of safeguards and challenges continue to mount. Code base volume and complexity continues to rise. Development teams are increasingly utilizing alternative code sources including open-source software to meet their time-to-market windows. The number of potential entry points for malicious activities is increasing exponentially as more connected devices are deployed as part of the Internet of Things (IoT).

Teams designing software for the IT or embedded markets should start testing for security vulnerabilities early in the development lifecycle when resolution is the least costly. We recommend static and binary analysis as effective tools for finding the most common security defects such as buffer overflows, resource leaks, and other vulnerabilities. Use of these solutions should be incorporated as part of a comprehensive testing regime. Undoubtedly, the ramifications of software vulnerabilities are too severe to leave addressed by manual processes or chance.


More insight and Recommendations

For further investigation and discussion about this and other important trends in the automated test and verification tool landscape, as well as other disruptive shifts in systems lifecycle management, please see our 2014 Software and System Lifecycle Management (SSLM) intelligence service.


How Significant is ARM’s mbed OS?

For microcontrollers (MCUs) used in embedded devices, intellectual property supplier ARM is the clear market leader. In a recent forecast for VDC Research’s report “The Global Market for Embedded Processors,” ARM-based MCUs accounted for more than half of the unit shipments using non-proprietary architectures in 2013 (see chart).

MCU Shipments by Architecture

The Cortex-M series is the main line of ARM MCUs, and is the most prevalent architecture used in embedded devices for the IoT. So when ARM announced on October 1 at the TechCon convention and trade show that the company would provide a free operating system—the mbed OS—for the M-series, it created considerable buzz in the industry, as well as some consternation and a bit of confusion.

ARM has been using the mbed name since 2005 for “maker”-style development platforms based on Cortex-M series MCUs, along with a large community of developers and an extensive software library. But the new announcement greatly expands the original mbed concept. The mbed name now encompasses not only the new operating system, but also: a cloud connectivity platform (mbed Device Server); a set of development tools (mbed Tools); and an ecosystem of partners (mbed Partners). Effectively, mbed has become a line of both products and services. ARM says that collectively, mbed will “accelerate Internet of Things deployment.” In this blog post, we’ll focus on the mbed operating system.

The embedded industry is already rife with many dozens of operating systems, ranging from bare bones to fully-featured. These include commercially-licensed binaries (closed source), commercially-licensed open source, free open source, as well as proprietary in-house OSs.

For resource-constrained embedded devices, the free open source offerings have been popular but limited in the extent of their development. Generally, commercially-licensed OSs are more professionally designed, thoroughly tested, and robust.

Several aspects of the mbed OS are noteworthy. First, ARM says that its free OS will be commercial grade. By offering it for free, the mbed OS will compete with some of the commercial embedded OSs already on the market. However, in his keynote speech at TechCon, ARM’s CTO Mike Muller emphasized that the mbed OS will not be a real time operating system (RTOS). Many IoT devices require the time-critical determinism of an RTOS, most notably in safety critical applications such as avionics, automotive systems, factory automation, and the like. The lack of real time functions will limit the breadth of applicability for mbed OS, and the extent to which it will compete with many of the commercial OSs on the market.

Second, ARM said its main intention of releasing the OS along with the mbed Device Server was to ease embedded software development to handle the many security concerns and communications protocols used in IoT, as those are often sticking points for developers not previously experienced with connected devices. Zach Shelby, Directory of Technical Marketing for the ARM’s IoT initiatives, noted that even devices running competing commercial OSs will be able to take advantage of mbed Device Server connectivity services. As Shelby described it, ARM isn’t trying to compete with OS vendors, the company is trying to ensure that IoT developers have adequate support to bring products to market in a timely manner.

Third, although ARM did not mention this in its press information Shelby told VDC that much of the mbed OS source code would be made available as open source. He also said that a few specific software components (such as some security modules) would be released only as binaries, i.e. closed source, which is why the company hasn’t been touting the OS as “open source.”

And fourth, ARM’s announcement only described the mbed OS as being for the M-series MCUs, but Shelby told us that partners will be able to adapt the open source code for ARM’s other series of processors. Indeed, at least one hardware vendor on the show floor was demonstrating a working version of the mbed OS on a Cortex A-series microprocessor. However, the higher performance A-series line is often used with more fully featured operating systems (e.g. Linux), and VDC doesn’t consider it to be a major target for the mbed OS.

All-in-all, VDC believes that the mbed OS will be significant for how it should speed up development for new entrants in the IoT. It probably won’t cause a major upheaval in the broad market for commercial embedded OSs, but a few of the OS vendors at the low end of the market are likely to be adversely impacted.


IoT Lessons from the Russian CyberVor Hacking

Widely reported during the first week of August was the revelation that a group of Russian hackers known as CyberVor had amassed a database of 1.2 billion usernames and passwords, as well as more than 500 million email addresses. The New York Times originally broke the story, based on findings from the firm Hold Security. Unlike the Target retail data breach of late 2013 and the more recent eBay breach, CyberVor’s loot is not the result of one or two large breaches, but rather a large number of breaches of all sizes. Hold Security says that the data came from 420,000 websites, ranging from large household-name dotcoms down to small sites. Most of the sites were breached using SQL injection techniques through malware infecting the computers of unwitting legitimate users.

Breaches of major websites or retailers tend to be highly concentrated, narrowly focused efforts, whereas the database collected by CyberVor appears to be the result of casting a very wide (bot)net, trawling the world wide web for anything the group could catch.

What lessons can the CyberVor revelation teach us (or reinforce) about the Internet of Things?

Lesson #1: No IoT site (either physical or virtual) is too small to be attacked. Many users are tempted to think, “Why would anyone bother to hack my little IoT network?” The answer is, “Because they can.”

Lesson #2: Even data that has little or no value to hackers on its own may have value when aggregated.  If you think your data is worthless to others, you’re probably wrong. Big data is comprised of a whole lot of little data.

Lesson #3: Authorized users or devices are not necessarily safe just because they are authorized. Follow the principle of least privilege, in which users or devices only have access to the minimum amount of data and system resources necessary to perform their functions.

Lesson #4: Monitor your networks for atypical or unexpected movements of data. This is challenging in practice, because valid usage occasionally may not follow past patterns. Nevertheless, at a minimum the system should have a way to throw up a red flag if a user or device is attempting to copy large portions of a database.

Lesson #5: Don’t neglect the basics. SQL injection attacks as well as buffer overflows and cross-site scripting are common and easily preventable. Most software code analysis tools can check for vulnerabilities to such attacks early in the development process.

Lesson #6: Conduct independent penetration tests on your devices and networks. If you think that your own engineers already have covered every possible attack vector, you’re probably wrong. You need outside eyeballs incentivized to find flaws without concern about stepping on coworkers’ toes.

And lastly, Lesson #7: At the risk of stating the obvious, encrypt your data. Any database that is accessible either directly or indirectly from the Internet is worth encrypting. Passwords in particular are keys to the kingdom. Encrypt them with salted hash techniques and strong algorithms. There is never a valid reason to store passwords in plain text.

If the websites breached by CyberVor already had learned these lessons, the hack wouldn’t even have been newsworthy.

For more insights into IoT security issues, check out VDC’s research program on Security & the Internet of Things.


VDC Research is attending Agile2014 in Orlando July 28-29

We are attending the Agile2014 conference in Orlando

Agile2014 is organized by the Agile Alliance, and it is intended to promote the principles of Agile and serve as an opportunity for all of the foremost experts and innovators in the field to come together. The conference boasts over 240 talks and workshops across 16 program tracks and over 1,800 attendees. For more information about Agile2014 and to register for the event, click here.

Make sure to attend the Industry Analyst Panel Discussion: Agile Trends and Future Directions on Tuesday, June 29 to see VDC’s Chris Rommel speak on the panel.


“The improved communication and expanded collaboration of Agile software development is helping early adopters discover new engineering synergies and increase their planning predictability. There is wider recognition for the effectiveness of more flexible and iterative strategies such as Agile and cross-engineering domain integration in addressing systems development challenges and rapidly responding to shifting customer needs or market expectations. Better management of design interdependencies through cross-domain integration can often increase operational efficiencies, resulting in cost savings. Use of these methods helps organizations further advance toward a continuous engineering approach, accelerating the pace of software content creation.”

-From André Girard, VDC Research


Contact us directly to schedule a meeting!

We would like to learn more about your company’s solutions and personal experiences, and we welcome the opportunity to meet attending vendors. VDC will be at the conference on Monday, June 28 and Tuesday, June 29. Please contact us directly f you would like to arrange a meeting.

Contact André Girard, Senior Analyst, M2M Embedded Technology Practice, VDC Research Group at agirard@vdcresearch.com or 508.653.9000 x153.

About VDC Research

VDC has been covering the embedded systems market since 1994 and the use of lifecycle management solutions since 2000. To learn more about VDC’s coverage of Software and System Lifecycle Management Tools, check out our website here, and to see what other research and products are offered by VDC Research’s Embedded Software & Tools practice, click here


-Patrick McGrath

Research Associate, VDC Research


VDC Research is Attending IBM Innovate2014 in Orlando

VDC Research will be attending Innovate2014, IBM’s Technical Summit in Orlando, June 1-3, 2014. IBM has planned an exciting agenda for the conference highlighting continuous engineering, DevOps, and Innovation.

We are also pleased to announce Chris Rommel, Executive Vice President of M2M Embedded Technology is a speaker for an important panel discussion, “Best Practices for Agile Product Development”, to be held Monday, June 2. We encourage you to attend.

Best Practices for Agile Product Development discussion overview:

Agile methods are popular and effective in software development for complex products. But, the application of agile principles to the broader product development process offers the prospect of even greater business value through improved productivity and predictability and better management of change. This session presents a panel of several experts to discuss the challenges of extending agile beyond software processes. These experts will also address key approaches that can maximize the value for product development organizations.

Haven't decided yet if you're attending IBM Innovate2014? Please check out the Innovate2014 website for more information on the conference program, scheduled speakers, as well as information on companies that will be exhibiting. We hope to see you there.


Outsourced Code Development Driving Automated Test Tool Market

The M2M embedded software team here at VDC Research just published a new report, 2013 Automated Test & Verification Tools (ATVT), volume 3 of our Software & System Lifecycle Management Tools intelligence service. The report looks into the most critical trends and market drivers impacting the rapidly evolving use of dynamic test and static analysis tools in the embedded and enterprise/IT markets.

We expect revenues for several product segments within ATVT to expand at a double digit growth rate over the next several years, fueled by a number of factors.

One of the primary challenges fueling ATVT use is that code bases are expanding in size and complexity as software comes to account for an ever greater percentage of system value. Companies face increasing pressure to deliver more advances through software, and to do so faster. These organizations are looking to several strategies, such as off-shoring to accelerate the pace development while remaining within budget. This outsourcing of embedded systems development enables the use of skilled engineers available at considerably lower labor rates found in the international labor market.

Untitled png

The challenge of coordinating geographically distributed development teams is one of the factors that we continue to see as a major driver for increased use of formal lifecycle management tools. Our research shows project teams with geographically distributed team members are more likely to use automated test tools than those all sharing the same location. We expect it will become increasingly critical for vendors to ensure their test platforms provide the reliable, scalable performance required to execute and manage tests for large installations across distributed geographic locations. There is opportunity for ATVT suppliers to increase revenue and gain market share by providing solution suites with the functionality these customers demand. Many of these organizations will need broader solution suites that enable creation of software code governance, policy definition, testing against those policies, and enforcement of quality, security and efficiency metrics.

More insight

For further investigation and discussion about these trends and others, please see our recently published report, 2013 Automated Test and Verification Tools, volume 3 of our 2013 Software & System Lifecycle Management Tools Market Intelligence Service. This report analyzes the emerging trends for commercially available testing tools, including static analysis, dynamic, and model-based tools. It also covers the previously mentioned tool types used for general software quality testing and defect detection as well as those used for application security testing and vulnerability management.

Please contact us for more information.

My Photo