121 posts categorized "Software Development Tools"

08/07/2014

IoT Lessons from the Russian CyberVor Hacking

Widely reported during the first week of August was the revelation that a group of Russian hackers known as CyberVor had amassed a database of 1.2 billion usernames and passwords, as well as more than 500 million email addresses. The New York Times originally broke the story, based on findings from the firm Hold Security. Unlike the Target retail data breach of late 2013 and the more recent eBay breach, CyberVor’s loot is not the result of one or two large breaches, but rather a large number of breaches of all sizes. Hold Security says that the data came from 420,000 websites, ranging from large household-name dotcoms down to small sites. Most of the sites were breached using SQL injection techniques through malware infecting the computers of unwitting legitimate users.

Breaches of major websites or retailers tend to be highly concentrated, narrowly focused efforts, whereas the database collected by CyberVor appears to be the result of casting a very wide (bot)net, trawling the world wide web for anything the group could catch.

What lessons can the CyberVor revelation teach us (or reinforce) about the Internet of Things?

Lesson #1: No IoT site (either physical or virtual) is too small to be attacked. Many users are tempted to think, “Why would anyone bother to hack my little IoT network?” The answer is, “Because they can.”

Lesson #2: Even data that has little or no value to hackers on its own may have value when aggregated. If you think your data is worthless to others, you’re probably wrong. Big data is composed of a whole lot of little data.

Lesson #3: Authorized users or devices are not necessarily safe just because they are authorized. Follow the principle of least privilege, in which users or devices only have access to the minimum amount of data and system resources necessary to perform their functions.

Lesson #4: Monitor your networks for atypical or unexpected movements of data. This is challenging in practice, because valid usage occasionally may not follow past patterns. Nevertheless, at a minimum the system should have a way to throw up a red flag if a user or device is attempting to copy large portions of a database.

Lesson #5: Don’t neglect the basics. SQL injection attacks as well as buffer overflows and cross-site scripting are common and easily preventable. Most software code analysis tools can check for vulnerabilities to such attacks early in the development process.

Lesson #6: Conduct independent penetration tests on your devices and networks. If you think that your own engineers already have covered every possible attack vector, you’re probably wrong. You need outside eyeballs incentivized to find flaws without concern about stepping on coworkers’ toes.

And lastly, Lesson #7: At the risk of stating the obvious, encrypt your data. Any database that is accessible either directly or indirectly from the Internet is worth encrypting. Passwords in particular are keys to the kingdom. Store them using salted hash techniques and strong algorithms. There is never a valid reason to store passwords in plain text.
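Lessons #5 and #7 in code, as an added example that is not part of the original post: a user lookup built by string concatenation beside its parameterized form, and passwords stored as a per-user salt plus a PBKDF2-HMAC-SHA256 hash. The table layout, function names, sample users and iteration count are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import os
import sqlite3

# Assumed work factor for PBKDF2-HMAC-SHA256; tune it to your own hardware.
PBKDF2_ITERATIONS = 600_000

# Constructed input: a name field carrying SQL syntax instead of a name.
CONSTRUCTED_INPUT = "nobody' OR '1'='1"


def open_store():
    """In-memory user table that holds a salt and a hash, never the password."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pwhash BLOB)"
    )
    return db


def hash_password(password, salt):
    """Derive the stored value from the password and a per-user salt."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


def add_user(db, name, password):
    salt = os.urandom(16)  # fresh random salt for every account
    db.execute(
        "INSERT INTO users (name, salt, pwhash) VALUES (?, ?, ?)",
        (name, salt, hash_password(password, salt)),
    )


def lookup_unsafe(db, name):
    """Vulnerable pattern: input is pasted into the SQL text itself."""
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(query)]


def lookup_safe(db, name):
    """Hardened pattern: the driver binds the input as a value, not as SQL."""
    rows = db.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def verify_login(db, name, password):
    row = db.execute(
        "SELECT salt, pwhash FROM users WHERE name = ?", (name,)
    ).fetchone()
    if row is None:
        # Hash anyway so unknown names cost the same time as known ones.
        hash_password(password, b"\x00" * 16)
        return False
    salt, stored = row
    # Constant-time comparison of the stored and recomputed hashes.
    return hmac.compare_digest(stored, hash_password(password, salt))


def build_demo():
    """Two constructed accounts that deliberately share one password."""
    db = open_store()
    add_user(db, "alice", "correct horse")
    add_user(db, "bob", "correct horse")
    return db


if __name__ == "__main__":
    db = build_demo()
    print("concatenated query returns:", lookup_unsafe(db, CONSTRUCTED_INPUT))
    print("parameterized query returns:", lookup_safe(db, CONSTRUCTED_INPUT))
    print("valid login accepted:", verify_login(db, "alice", "correct horse"))
    hashes = [r[0].hex()[:16] for r in db.execute("SELECT pwhash FROM users")]
    print("same password, different stored hashes:", hashes)
```

Because each account has its own salt, the two accounts that share a password still store different hashes, so a stolen table does not reveal which users chose the same password.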

If the websites breached by CyberVor already had learned these lessons, the hack wouldn’t even have been newsworthy.

For more insights into IoT security issues, check out VDC’s research program on Security & the Internet of Things.

07/22/2014

VDC Research is attending Agile2014 in Orlando July 28-29

We are attending the Agile2014 conference in Orlando

Agile2014 is organized by the Agile Alliance, and it is intended to promote the principles of Agile and serve as an opportunity for all of the foremost experts and innovators in the field to come together. The conference boasts over 240 talks and workshops across 16 program tracks and over 1,800 attendees. For more information about Agile2014 and to register for the event, click here.

Make sure to attend the Industry Analyst Panel Discussion: Agile Trends and Future Directions on Tuesday, June 29 to see VDC’s Chris Rommel speak on the panel.

 

“The improved communication and expanded collaboration of Agile software development is helping early adopters discover new engineering synergies and increase their planning predictability. There is wider recognition for the effectiveness of more flexible and iterative strategies such as Agile and cross-engineering domain integration in addressing systems development challenges and rapidly responding to shifting customer needs or market expectations. Better management of design interdependencies through cross-domain integration can often increase operational efficiencies, resulting in cost savings. Use of these methods helps organizations further advance toward a continuous engineering approach, accelerating the pace of software content creation.”

-From André Girard, VDC Research

 

Contact us directly to schedule a meeting!

We would like to learn more about your company’s solutions and personal experiences, and we welcome the opportunity to meet attending vendors. VDC will be at the conference on Monday, June 28 and Tuesday, June 29. Please contact us directly if you would like to arrange a meeting.

Contact André Girard, Senior Analyst, M2M Embedded Technology Practice, VDC Research Group at agirard@vdcresearch.com or 508.653.9000 x153.

About VDC Research

VDC has been covering the embedded systems market since 1994 and the use of lifecycle management solutions since 2000. To learn more about VDC’s coverage of Software and System Lifecycle Management Tools, check out our website here, and to see what other research and products are offered by VDC Research’s Embedded Software & Tools practice, click here

 

-Patrick McGrath

Research Associate, VDC Research

05/22/2014

VDC Research is Attending IBM Innovate2014 in Orlando

VDC Research will be attending Innovate2014, IBM’s Technical Summit in Orlando, June 1-3, 2014. IBM has planned an exciting agenda for the conference highlighting continuous engineering, DevOps, and Innovation.

We are also pleased to announce that Chris Rommel, Executive Vice President of M2M Embedded Technology, is a speaker for an important panel discussion, “Best Practices for Agile Product Development”, to be held Monday, June 2. We encourage you to attend.

Best Practices for Agile Product Development discussion overview:

Agile methods are popular and effective in software development for complex products. But, the application of agile principles to the broader product development process offers the prospect of even greater business value through improved productivity and predictability and better management of change. This session presents a panel of several experts to discuss the challenges of extending agile beyond software processes. These experts will also address key approaches that can maximize the value for product development organizations.

Haven't decided yet if you're attending IBM Innovate2014? Please check out the Innovate2014 website for more information on the conference program, scheduled speakers, as well as information on companies that will be exhibiting. We hope to see you there.

10/22/2013

Outsourced Code Development Driving Automated Test Tool Market

The M2M embedded software team here at VDC Research just published a new report, 2013 Automated Test & Verification Tools (ATVT), volume 3 of our Software & System Lifecycle Management Tools intelligence service. The report looks into the most critical trends and market drivers impacting the rapidly evolving use of dynamic test and static analysis tools in the embedded and enterprise/IT markets.

We expect revenues for several product segments within ATVT to expand at a double digit growth rate over the next several years, fueled by a number of factors.

One of the primary challenges fueling ATVT use is that code bases are expanding in size and complexity as software comes to account for an ever greater percentage of system value. Companies face increasing pressure to deliver more advances through software, and to do so faster. These organizations are looking to several strategies, such as off-shoring, to accelerate the pace of development while remaining within budget. This outsourcing of embedded systems development enables the use of skilled engineers available at considerably lower labor rates found in the international labor market.


The challenge of coordinating geographically distributed development teams is one of the factors that we continue to see as a major driver for increased use of formal lifecycle management tools. Our research shows project teams with geographically distributed team members are more likely to use automated test tools than those all sharing the same location. We expect it will become increasingly critical for vendors to ensure their test platforms provide the reliable, scalable performance required to execute and manage tests for large installations across distributed geographic locations. There is opportunity for ATVT suppliers to increase revenue and gain market share by providing solution suites with the functionality these customers demand. Many of these organizations will need broader solution suites that enable creation of software code governance, policy definition, testing against those policies, and enforcement of quality, security and efficiency metrics.

More insight

For further investigation and discussion about these trends and others, please see our recently published report, 2013 Automated Test and Verification Tools, volume 3 of our 2013 Software & System Lifecycle Management Tools Market Intelligence Service. This report analyzes the emerging trends for commercially available testing tools, including static analysis, dynamic, and model-based tools. It also covers the previously mentioned tool types used for general software quality testing and defect detection as well as those used for application security testing and vulnerability management.

Please contact us for more information.

08/19/2013

Trusteer Your Security to IBM: Acquisition Fortifies Security Portfolio

On August 15th, IBM (NYSE:IBM) announced it reached a deal to acquire Trusteer, a Boston-based software-security firm focusing on financial and enterprise cyberthreats. As part of the deal, IBM will absorb Trusteer’s R&D lab in Tel Aviv into its security organization. One major focal point for Trusteer is their mobile security product line, which focuses on preventing intrusion and data theft through enterprise-connected mobile devices.

Smartphones and tablets are becoming integral tools for large and small businesses alike. Mobile devices – like an iPhone equipped with the SalesForce app – are a huge benefit to employees and their employer by allowing them to work remotely and efficiently while away from the office, but these devices also introduce a new set of vulnerabilities into an organization’s security. Our data shows that a large number of these devices have exploitable security flaws that leave sensitive enterprise data vulnerable. A mobile device connected to an enterprise’s network provides a link into the organization that many aren’t adequately protecting.

This acquisition reinforces two key trends: security is an increasingly important factor for all organizations and more needs to be done to protect valuable data from theft. As the number of end-points an organization deals with increases, so does the risk for a security breach. IBM recognizes this and plans to use the Trusteer acquisition to improve its enterprise security products, but the same principles hold true in the embedded industry.

The embedded world is more connected than ever before and this trend continues to grow. Thinking back to famous malware threats such as Stuxnet infiltrating networked manufacturing platforms, it’s clear that inadequate protection of these systems is a major vulnerability to users of embedded software and hardware. Purchasing Trusteer highlights a developing industry trend: end-point protection is becoming a new priority for businesses, embedded or enterprise, in order to keep cyberthreats from harming their operations.

For more information on VDC’s research about security in the embedded industry, click here.

 

By Zach D. McCabe,

Research Assistant, M2M & Embedded Technology

06/28/2013

Combating the Crush of Code Creation

We discussed in a blog earlier this week the growing reliance on software components to provide differentiation in the automotive vertical market. It is a trend that can be witnessed across a wide range of embedded industries and as a result, software volume and complexity are expanding rapidly. With these changes comes a growing appreciation for the value proposition of commercial software tools to manage the challenges borne by software development. The introduction of formal tooling to lessen the reliance on hand-coding and in-house developed tools is a strategy used by more and more organizations to address their development needs.

Utilizing tools (e.g. UML/SDL, HMI, modeling/simulation tools, etc.) to automatically generate portions of software code is a strategy increasingly used as an effective hedge against missed project deadlines in the face of rapidly increasing code volumes. In fact, developers in several verticals such as telecom, automotive, and aerospace & defense now generate over a fifth of the code created in-house through the use of software modeling tools. With no end in sight for the growth of code bases (nor any likelihood that project deadlines will become more generous), expect this approach to become more widespread. Furthermore, providing a code generator qualified across a number of software safety certification standards is an increasingly important differentiator for solutions targeting industries with process or safety standards to guide or regulate software.

More insight

For further investigation and discussion about this and other emerging trends in the software and system modeling tool landscape, as well as other important shifts in systems lifecycle management, please see our 2013 Software & Systems Lifecycle Management Tools Market Intelligence Service. The first volume of this series, which focuses on modeling tools, will be available soon.

06/26/2013

Controlling In-Vehicle Innovation with IVI Design

Automotive differentiation is no longer driven by gears and grease. Electronic systems now control most aspects of a vehicle’s operation and the software within those systems has risen to account for an increasing share of their functionality and differentiation. Today, software content growth in the automotive industry continues to outpace most other embedded device classes. In no automotive sector is this trend more acute than in IVI.

The culture of conservatism, rooted in automotive’s safety-critical requirements, that has traditionally characterized the domain must adapt. The recent financial crisis imposed an unparalleled catalyst for such change. Entire supply chains followed the OEM leads into bankruptcy. The remaining engineering organizations, many of which lacked the level of development resources they had prior to the financial crisis, are being forced to reevaluate their incumbent development processes and tools in an effort to keep pace with the unabated growth in consumer expectations. In many cases, OEMs must be prepared to adopt new software development solutions to adequately address the complexities of UI design and consumer device integration.

VDC will be conducting a live webcast with IBM and Jaguar Land Rover on June 27th to discuss this emerging trend. Attendees will learn:

  • How open source technologies will impact tomorrow's automotive ecosystem
  • Why OEMs need to revisit their supply-chain strategies to promote new levels of collaboration and innovation
  • What new development solutions should be considered to adapt

When: June 27th, 11:00am ET / 2:00pm PT

Register: http://bit.ly/136NjqJ

06/25/2013

The Embedded Software Beat

Part two of a Q&A with Matt Klassen, Director of Product and Solutions Marketing at PTC. (See part one)

This interview is part of an ongoing series we conduct with embedded software solution providers to share views on their company, products, and state of the market.

VDC:  When PTC acquired MKS, James Heppelmann, president and CEO of PTC said, “Software engineering has become a fundamental backbone element in today’s product development process.” Indeed, embedded systems continue to grow in complexity and software is defining an ever greater portion of end product value. Given that environment, can you tell us a bit about how the combination of Integrity with PTC’s PLM solutions is addressing some of the challenges facing manufacturers today?

Klassen: PTC is addressing many software intensive product manufacturing challenges head on. Integrity allows engineers to author, connect, and manage a wide range of development artifacts from requirements to design to code and test. Furthermore, Integrity offers unprecedented reuse and traceability providing efficient change management, even across product variants. This gives management a real-time view of software release readiness in the context of the product engineering cycle. When used in combination with Windchill, Integrity extends PLM to include robust requirements management, software management, and cross-discipline change management.

VDC: Has the acquisition resulted in new markets or opportunities for the Integrity solution than was available under MKS?

Klassen: PTC gave Integrity global reach, and with a loyal customer base, Integrity has been introduced to a host of new customers that have invested heavily in our ALM technology. These customers include HKMC, Huawei, Cummins, John Deere, and Ingersoll Rand to name a few.

VDC: We’re seeing Agile software development methodologies gain broader acceptance across a range of embedded verticals. How does a solution like Integrity help support a transition to iterative development?

Klassen: PTC Integrity ensures a smooth transition to iterative and agile methodologies by providing a flexible scalable Scrum based template that allows enterprises to use traditional, agile or hybrid methods across a distributed set of teams. In addition, Integrity’s support for regulatory compliance standards and ability to reuse requirements, test and code in an Agile environment is unique.

VDC: If you could accurately predict the future, how do you see the opportunities for the embedded software market shaping up over the coming year?

Klassen: The embedded software market will only continue to grow its products to become smart systems of systems.  As companies realize that it is more profitable to transform their products into services, software will enable and deliver the continuous stream of value to products already in the market such that servicing, fixing, upgrading and even offering new features will become much more efficient, less expensive and provide longer life expectancies for many products.  Companies that are able to manage the explosive growth of software efficiently and effectively in the context of the product lifecycle will thrive.  PTC’s strategy is very focused on this market force.

VDC: Thank you, Mark.

Interested in participating in VDC’s “The Embedded Software Beat” series of interviews? Please reach out and let us know.


Matt Klassen is passionate about helping customers improve the way they build software intensive products and has been helping organizations excel with software for 20 years. In his role as Director of ALM Solutions Marketing, Mr. Klassen is responsible for leading the effort to define, market, and sell PTC software and systems engineering management solutions built on PTC Integrity. With many years working with customers on their complex software systems, Matt has the in knowledge to understand customer challenges across the software development lifecycle in many industries including medical devices, automotive, aerospace, and high tech electronics. Matt has been a featured speaker at many conferences and events.

 

06/24/2013

The Embedded Software Beat

Part one of a Q&A with Matt Klassen, Director of Product and Solutions Marketing at PTC.

This interview is part of an ongoing series we conduct with embedded software solution providers to share views on their company, products, and state of the market.

VDC’s Embedded Software team was fortunate to catch up with Mr. Klassen shortly after the 2013 PTC Live Global, PTC’s annual event for engineers, IT and service professionals to network, hear corporate updates, learn, and listen to interesting customer presentations.

VDC: PTC has been supporting the embedded industry since 1985. Can you briefly introduce the company to our readers?

Klassen: PTC started as a CAD software provider and revolutionized that market with Pro/ENGINEER, the industry's first successful rule-based constraint (sometimes called "parametric" or "variational") 3D CAD modeling system. In the late 90’s, PTC acquired Windchill Technology Inc. and launched the first internet based PLM solution which has grown into a half billion dollar business. In 2011 PTC acquired MKS, a leading provider of ALM solutions, to address the engineering challenges as products transform into smart, software intensive systems.

VDC: For anyone who may have missed the event, what were some of the highlights of the 2013 PTC Live Global?

Klassen: There were a lot of highlights at this year’s conference, but as usual, our customers really took center stage. The keynotes on both Monday and Tuesday featured several marquee customers that underscored Jim Heppelmann’s talk on the forces that are transforming the way products are designed, manufactured and serviced. Forces like digitization, globalization, compliance, personalization, software intensive products, connectivity, and servitization are all at work in the market and manufacturers that embrace these by transforming their process and tool landscape, will be positioned to lead the market. PTC is positioned to partner with these companies to provide guidance and technology to do just that.

VDC: What challenges do engineers face today in designing and developing embedded devices and how are embedded software suppliers responding?

Klassen:  Engineers face a whole host of challenges today including:

- Reusing software development artifacts across product variants
- Cross engineering discipline collaboration
- Taking advantage of Agile methods in highly complex and regulated environments
- Managing the high velocity of software driven change and implications across disciplines

Traditional ALM vendors are not addressing these challenges very effectively.  Traditional PLM vendors are trying to address these challenges but their hardware oriented solutions are ill-equipped.  PTC has a unique opportunity to address these challenges with an integrated ALM and PLM set of solutions. 

Please check back on Tuesday 6/25 for part 2 of this discussion with Matt Klassen, Director of Product and Solutions Marketing at PTC

Matt Klassen is passionate about helping customers improve the way they build software intensive products and has been helping organizations excel with software for 20 years. In his role as Director of ALM Solutions Marketing, Mr. Klassen is responsible for leading the effort to define, market, and sell PTC software and systems engineering management solutions built on PTC Integrity. With many years working with customers on their complex software systems, Matt has the in knowledge to understand customer challenges across the software development lifecycle in many industries including medical devices, automotive, aerospace, and high tech electronics. Matt has been a featured speaker at many conferences and events.

 

 

04/22/2013

IBM Bolsters DevOps Support with UrbanCode Acquisition

On Monday, IBM announced the acquisition of UrbanCode, a provider of software delivery automation solutions. UrbanCode’s continuous release and deployment tools will be integrated into the IBM Rational portfolio to bolster their DevOps capabilities.

“…software is eating the world.” – Marc Andreessen

Software has emerged as the primary agent for differentiation for a growing number of companies. It is defining a greater portion of end-value for organizations’ solutions, but also consuming an ever-larger share of their development costs. Many of these companies have re-evaluated their processes and adopted Agile methodologies to help speed software development. Our findings suggest this has helped. In VDC’s 2012 software and system developer survey, engineers using Agile were more likely to be ahead of schedule on their current project, despite code bases three times as large as those not using iterative methods.

“Companies that master effective software development and delivery in rapidly changing environments such as cloud, mobile and social will have a significant competitive advantage,” - Kristof Kloeckner, general manager, IBM Rational Software.

Unfortunately, Agile methodologies only address software development. Just increasing the pace of software design can place considerable strain on an organization and result in bottlenecks elsewhere in the development lifecycle. To move in the right direction, development and operations need to operate at the same velocity. This is where incorporating the UrbanCode Application Release Automation should provide synergy. By automating much of the testing and deployment processes, organizations can speed up the operations side of their business to match the pace of Agile software development.

Integration of the UrbanCode offerings into IBM Rational’s portfolio represents a valuable extension of their DevOps implementation support. We expect much of the initial market traction to come from enterprise applications. However, with the volume of embedded software code continuing to grow while project timelines shrink, this approach will increasingly resonate in several embedded industries.

More insight

For further investigation and discussion about Agile development, DevOps and other important shifts in systems lifecycle management, please see our 2012 Software & Systems Lifecycle Management Tools Market Intelligence Service.