78 posts categorized "User Requirements"


VDC Embedded Jama Software Webinar

How to Understand Requirements Management to Develop and Deliver Faster

For Embedded Systems Developers, Time to Market is Critical. Learn the No. 1 Strategy to Develop and Deliver Faster.

During this free webinar on Wednesday, July 23 at 1:00pm ET / 10:00am PT, VDC Research analyst André Girard and Jama Software co-founder Derwyn Harris will present on the growing necessity for requirements management (RM) tools in the face of today’s increasingly complex code bases, distributed development teams, and stricter budgets.

OEMs are facing constant pressure for innovation even with tight budgets, and they are dedicating more of their resources towards software development. Despite the importance of well-written requirements in the software development lifecycle, usage rates of RM tools are still dangerously low, with only 23% of embedded engineers polled by VDC in 2014 indicating they were using a formal RM solution on their current project. To meet demands for an accelerated pace of software content creation, developers will need to better utilize RM tools to monitor and manage the development lifecycle from beginning to end.

This webinar will explore: 

  • How has the software development process changed? 
  • What challenges are OEMs facing today? 
  • How do RM tools help deal with these challenges? 
  • How can RM tools save time and money for OEMs?

Tune in to this webinar to learn the answer to these questions and more. Those who register for this webinar will also receive a free copy of VDC Research’s report, “Pinching Pennies on Requirements Management is Too Costly”, by André Girard.

Click here to register for the webinar. To learn more about the research and products offered by VDC Research’s Embedded Software & Tools practice, click here.


Patrick McGrath

Research Associate, VDC Research


IoT Necessitates Changes in Both People and Technology

The requirements of the devices composing the Internet of Things are changing rapidly. The embedded market no longer consists of dedicated-purpose devices that may or may not be connected. Engineering organizations and deploying enterprises must now design scalable system topologies that can integrate new devices and adapt to the IoT’s evolution. While these next-generation systems are required to facilitate downstream device/node management as well as efficient upstream data transfer and analytics, they must also do so dynamically, allowing for more intelligence and flexibility in node role and workloads within sub-network architectures.

This recognition of a need for change in legacy technologies can already be seen in the shift in programming languages used by embedded engineers. In the past five years, the percentage of engineers using Java in the embedded market has more than doubled. Embedded industry stalwarts such as C will certainly maintain a substantial footprint going forward given the existing software assets and expertise at OEMs, but the results confirm that the market is rapidly looking to new and/or multi-language development to satisfy the requirements of next-generation projects.


IoT Skill Set Gap Exacerbated by Existing Embedded Resource Gap

The existing embedded engineering resources unfortunately cannot keep pace with the IoT’s time-to-market and content creation requirements. Already this community has been struggling to meet the needs of pre-IoT development projects. Now, the industry is faced with a dynamic in which not only does it need more efficiency, but the existing population of embedded engineers also cannot scale organically to meet the new software content creation requirements. Today, there are just over 1 million embedded engineers globally, with only 35% of that community holding software engineering-specific primary roles. In order to adapt to the new IoT development demands and respond to this dearth of traditionally skilled resources, OEMs must look to new labor pools.

The global Java community, which is estimated to consist of approximately 9 million developers, offers an opportunity to draw upon an increasingly relevant labor and expertise pool. The value of traditional embedded engineering skill sets has already been partially devalued due to IoT system evolution. Now, knowledge of connectivity stacks and UI development often must be placed at a premium over skills such as footprint optimization. Furthermore, technology like Java’s virtual machines create an abstraction layer that can reduce hardware dependencies and the subsequent rework and optimization that would have previously required more traditional embedded firmware engineers. Despite the already rapid adoption of Java (by embedded standards), we believe that the impending blurring of the distinction between embedded and IT Java developers will reinforce the technology’s adoption and relevance going forward. The wide access to the existing ecosystem of Java tools and third-party software, combined with a growing embedded partner ecosystem spanning semiconductor/IP companies, tool, and hardware/system manufacturers will no doubt further reduce switching costs and any lingering reservations held within many embedded industries.

We will be exploring the business and technical impact of the IoT in a webcast tomorrow with Oracle:

Date: Thursday, June 19, 2014 

Time: 9:30 AM PDT, 12:30 PM EDT, 17:30 GMT

Join this webcast to learn about:

  • Driving both revenue opportunities and operational efficiencies for the IoT value chain
  • Leveraging Java to make devices more secure
  • How Java can help overcome resource gaps around intelligent connected devices
  • Suggestions on how to better manage fragmentation in embedded devices

Register here:



eBay Response to Data Breach Shows the Company Still Doesn’t Get It

This month’s major data breach news comes courtesy of hackers who accessed eBay’s user database by using valid credentials pilfered from eBay employees. The hackers apparently had access to eBay’s entire database of 145 million active users during the months of February and March 2014. The information accessed included passwords in encrypted form, as well as names, email addresses, shipping addresses, and dates of birth all in plaintext.

eBay’s user database was apparently accessible to the hackers because they logged in using genuine eBay employee credentials. But why should that give the hackers unfettered access to the entire user database? Of course company employees may have valid reasons for accessing the user database, but eBay could have limited the access such that:

  • a separate password or two-factor authentication was required to gain entry to the database; and

  • the database was only accessible from whitelisted terminals

  • excessive access by any individual employee throws up a red flag immediately (not months later).

eBay’s IT department has a chance to address those issues, but the company’s public relations department hasn’t done too well thus far.

eBay posted a notice on its website regarding the breach, entitled “Important Password Update,” the full text of which is below.

In VDC’s opinion, eBay’s public response to the breach has missed the mark.

eBay’s notice informed users that their encrypted passwords might have been compromised, and instructed them to change the passwords. Since the passwords were encrypted using a “salted hash” technique, few if any actual passwords are likely to be decrypted. Nevertheless, it doesn’t hurt to tell users to change passwords, particularly if a user shares the same password across multiple websites. However, the notice failed to mention the other personal information (non-encrypted) that was compromised. Such personal information presents a risk that hackers could attempt identity theft, which is arguably a greater concern than just the compromise of one site’s password. In effect, eBay has warned users about the information that is probably still safe, and ignored the disclosure of information that is clearly unsafe. And by failing to mention the other personal data that was accessed, eBay is creating a false sense of security that users will be safe if they just change their passwords.

Password changes can help make eBay safer, but they don’t improve the security of users whose personal information has already been appropriated. Because disclosure of users’ personal information could lead to subsequent attempts at identity theft, eBay might need to offer up free credit monitoring service to its users, even though no credit card or other financial information was disclosed.

Users don’t necessarily care how safe and secure eBay is; they care how safe and secure their own personal information is. eBay’s response thus far indicates that the company doesn’t get the distinction.


Full text of eBay’s notice to users:

[Note several days after we posted this, eBay revised the text of its password update notice to include the fact that personal data beyond encrypted passwords had been compromised, although eBay still doesn't relate the implications of that to its members. The text below is eBay's original notice.]

Important Password Update
Keeping Our Buyers and Sellers Safe and Secure on eBay
On Wednesday, we announced that we are asking all eBay users to change their password. This is because of a cyberattack that compromised our eBay user database, which contained your encrypted password.
Because your password is encrypted (even we don’t know what it is), we believe your eBay account is secure. But we don’t want to take any chances. We take security on eBay very seriously, and we want to ensure that you feel safe and secure buying and selling on eBay. So we think it’s the right thing to do to have you change your password. And we want to remind you that it’s a good idea to always use different passwords for different sites and accounts. If you used your eBay password on other sites, we are encouraging you to change those passwords, too.
Here’s what we recommend you do the next time you visit eBay:
  1. Take a moment to change your password. You can do this in the “My eBay” section under account settings. This will help further protect you; it’s always a good practice to periodically update your password. Millions of eBay users already have updated their passwords.
  2. Remember to always use different passwords on different sites and accounts. So if you haven’t done this yet, take the time to do so.
Meanwhile, our team is committed to making eBay as safe and secure as possible. So we are looking at other ways to strengthen security on eBay. In the coming days and weeks we may be introducing new security features. We’ll keep you updated as we do.
Thanks for your support and cooperation. eBay is your marketplace, and we are committed to keeping it one of the world’s safest places to buy and sell.
Devin Wenig
President, eBay Marketplaces



Got Ugly Code? Test to See if Quality Runs Deep

In today’s celebrity culture, inner beauty isn’t always a valued trait. But when it comes to embedded software development, beauty is truly on the inside. High quality, well-designed and reliable products necessitate high-quality and highly secure embedded software. Development Testing is one of the most effective ways to achieve this.

Development Testing is a rapidly emerging category, including a set of processes and software, designed to easily find and fix quality and security problems early in the development cycle, as the code is being written. All this serves to dramatically improve time to market, reduce development costs and improve customer satisfaction.

Join us at an exclusive event hosted by Coverity on June 12th in Cambridge, England. ip.access will share some of their experiences implementing advanced testing practices and I will discuss what our research says about the latest trends and techniques in embedded software development and quality assurance.

When: Wednesday, June 12th

Time: 09.30 – 14.00 with presentations between 10.00 and 12.30, followed by lunch.

Location: Fitzwilliam College Storey’s Way, Cambridge CB3 0DG

Register: Click here


M2M World Congress – London – Highlights from Day 1 of 2

VDC’s CEO Mitch Solomon is participating in M2M World Congress (one of the industry’s larger M2M-centric conferences) this week in London, and sent in the following post from the field.

First off, the event is oversold and is standing room only, a testament to building interest in M2M (…and perhaps the strong promotional efforts of its producer).  The day consisted of roughly a dozen presentations and panels, covering a broad landscape of topics.  Speakers were largely from major wireless carriers, primarily European.  Below are a few key insights (…derived from a much longer list), just hours after the last session of the day:

All speakers believe the much-anticipated M2M future has arrived, and they see rapid scaling in their business (as measured by M2M SIM card sales and deployments).  Most M2M business leaders within large mobile network operators are carrying aggressive growth targets (handed down from corporate), as their companies look to M2M to drive growth that far exceeds what can be achieved in their established voice and data businesses.

The words “complexity” and “challenges” were used almost as much as “the” and “it” during the course of the day.  The difficulties associated with actual M2M deployments were widely acknowledged, often in the same breath as the notion of how large the opportunity is.  Clever solutions to the biggest M2M deployment challenges were elusive (understandably, as silver bullets are usually are hard to come by), though familiar suggestions like “test, test, and re-test” and “standards can help” and “pilot first, then expand” were offered up. 

The only word used more than “complexity” and “challenges” was…”partner.”  Which makes sense.  It often takes partnerships to solve complex technical problems such as M2M applications.  Every carrier was touting its partnerships, some of which extend geographic coverage while others deliver value-added software and services beyond connectivity.  This is the age of M2M promiscuity, as everyone tries to seduce everyone else lest someone be left on the dance floor alone.

For a myriad of reasons, the discussions were largely focused on technology and vendor strategies (particularly carriers’) instead of OEM use cases and customer benefits (…something many audience members were a bit frustrated by).  Some attempts by panel members to address questions related to devices and OEM use cases were made, and some light was shed.  Overall, however a clear impression was made that senior people with M2M on their business cards are still working their own way up the learning curve (like many others in the industry) when it comes to specific examples of how M2M-based applications can benefit their OEM customers.  This knowledge gap could be indicative of carriers and/or senior leaders at carriers being one or two steps removed from OEMs’ application development efforts, rather than a deficiency in an expected area of expertise.

With the second and final day of the event tomorrow, my hope is that panel members will share more about how OEMs are approaching, evaluating, designing, and deploying M2M based systems.  Discussions of the supporting business cases would be particularly valuable.  If so, it will cap off a very worthwhile two days of M2M immersion in London.


Don't Water-Scrum-Fail.

Agile is a great weapon available to OEMs to fight the challenges inherent in device development today. It is not, however, a silver bullet.

In a recent post, we explored how Agile projects are still finishing behind schedule, despite favorable comparables against standard V-model workflows. The truth of the matter is that Agile projects are subject to many of the setbacks as traditional ones. They can and will fail. It is more important than ever for engineering organizations to recognize what specialized or unique implementation strategies they need to use to increase their chance's for long-term success with Agile.

Many of you have heard the expression - water-scrum-fall in the past. It speaks to the reality that Agile is often implemented in some sort of a hybrid fashion – as in not true “Agile” per the manifesto. This is especially true – and important - in the embedded market. As you know, there are a ton of differences between development for an ISV and an engineering organization. The number of verticals markets, process standards, and multi-engineering domain considerations make some level of hybridization or customization necessary.

Agile hybrid
But customization does not come without its cost. For example:

  1. Light weight Agile project management tools can't cut it alone. Integrated, formal automated tooling is required to manage traceabilty across the lifecycle.
  2. Ongoing training and coaching takes center stage. Embedded engineers are creatures of comfort. Left alone for too long and they will revert to a more primitive state.

Interested in learning what else you should do and consider when implementing Agile in your organization?

Listen in to our webcast:

Tomorrow, April 16th at 12pm ET / 9am PT

How can you register?



Help ~ Someone Hacked my Toaster!

In the PC world, security issues are generally well understood and often even addressed by the masses. It’s a different story in the M2M and embedded market. Recognition of security risks and the number of steps taken to address security vary across each level of the embedded ecosystem - by industry, manufacturer, component supplier, and end user.

The potential impact of consumer device security failures extends across the Internet of Things ecosystem - far beyond traditional mobile and consumer devices. Thankfully, the general public appears to be catching on. Results from our consumer survey confirm that a growing number of people are recognizing the potential security issues that come with their increasingly connected lifestyles.

We asked device purchasers and users how concerned they were with security for each type of device they personally bought, were planning to buy, or were operating regularly. Some of these devices are a large part of peoples’ lives already today, like ATMs and smartphones, while others like connected cars that are not yet widely used are an almost unavoidable consequence of a device class’s continued evolution. Consumer security blog

Although it is probably no surprise that ATMs are rated highest for security concerns since they are directly pinned to personal finances, no connected device class was immune to consumer concerns. While the relative perception of risk varies rather dramatically across the device classes shown on this chart, one thing is glaring clear and consistent – there is both a recognized need and a growing demand for more secure consumer devices.

One of the biggest challenges facing the industry, however, is that although there is a general recognition of risk in some of these emerging consumer device classes, most consumers don’t yet have firsthand experience with hacks of this type. So people are going to be much more concerned with those devices with which they already have a lot of experience, like smartphones and ATMs. Connected cars and home medical equipment, however, are relatively new. Meanwhile, the consequences of failure for those devices can be much more dire.

Overall, there also hasn’t been as much reported change in any of the consumer device usage patterns as you might expect, given the recognition of risk. It’s almost as if many consumers want to reduce their exposure to risk, but have accepted the fact they are playing Russian roulette in the short term. The frequency and magnitude of consumer device security failures will only continue to increase over the coming years, however. Not only will consumers expect a higher level of security built into their devices, but they will need (and finally demand) new classes of post-deployment security augmentation solutions.


3 Steps to Automate Your Way to Agile

In a recent VDC View, I wrote that "software engineering is broken." Although our industry continues to deliver new and innovative products, too often projects miss the mark. Late. Buggy. Unprofitable. We all hate these words, but hear them repeatedly. Enter Agile.

We all know that Agile enables software organizations to continuously deliver working software faster to customers (internal or external). This helps software teams to not only deliver products faster but also in tune with the changing market needs. In practice however, organizations still struggle to get the full benefits of Agile methodology because they have not fully automated their practices (development, build, test, release). 


Listen in on April 16th to hear Ashish Kuthiala, Director of Marketing at Electric Cloud, and I address the fundamental issues and recommendations you should consider as you adopt Agile: 

  1. Understanding the true drivers for adopting Agile
  2. Critical organizational, process and tooling issues to consider and pitfalls to avoid
  3. Recommendations on how to do this right by automating your processes

When is the webcast?

April 16th at 12pm ET / 9am PT

How can you register?



VDC to Present Embeddy Awards Live at Design West

Want to see the latest technologies and tricks for embedded engineering? Head to Design West next month in San Jose, CA!

Contact us ASAP to schedule a meeting

VDC will be attending the Design West/ESC conference from Tuesday April 23 through Thursday April 25.

At the show, we will be presenting our 9th annual Embeddy Awards. The winners will be announced Live during Thursday's morning keynote session.

So how can your company win the Embeddy award?

To be considered,

First, fill out this on-line form: http://svy.mk/WU0abA

You must also schedule a meeting with VDC to discuss the announcement that you are making at the show. You can arrange a meeting time with VDC by doing one of the following:

For Software and Tools related meetings

Contact Jared Weiner, Analyst, M2M Embedded Software & Tools at:
jweiner@vdcresearch.com or 508.653.9000 x143.

For Hardware related meetings

Contact David Laing, Senior Analyst, M2M Embedded Hardware Platforms at:
dlaing@vdcresearch.com or 508.653.9000 x146.

Haven't decided if you're attending DESIGN West yet?

Please check out the DESIGN West website for more information on the conference program as well as
information on all of the companies that will be exhibiting. You can also click here to register.

We look forward to seeing you at the show!


Feeling Insecure?

Then come see my presentation on secure device development best practices at Embedded World!

The device development landscape is changing rapidly. The potential cost of security risks looming on the horizon is already causing many OEMs to reevaluate their engineering solutions and processes. I will discuss some of the steps you can take and products you should use when building next generation connected devices.

When: 3:00 pm CET

Where: Embedded World - Nuremberg, Germany


Want to meet at Embedded World?

Please contact us if you would like to meet up while in Germany. We are interested in speaking with vendors launching new solutions and engineers looking to share experiences.


My Photo