Parasoft’s team that attended the Embedded World Conference in Nuremberg last week came back with their observations. Despite lower than normal attendance which was expected given the world-wide spread of the COVID-19 virus, there were still great discussion and sessions taking place.
We have some exciting news from some of our partners to share as well. In all, a great conference.
Here’s a recap of what we saw and heard at the conference, particularly as it relates to our areas of expertise and tools.
In general, software safety along with general quality concerns is on top of many attendees’ minds as they develop product solutions in various safety-critical areas. Safety and security are closely related and the discussions around software compliance is shifting to building predictable software since unpredictable behavior in software is not safe nor secure – a definite positive trend. However, security is a key priority and certainly a focus, communicated at the conference by way of speaking sessions and highly visible on practically every vendor’s booth display. Nevertheless, the feeling is that many aren’t considering the security implication in their decision making or don’t know how to approach improving software security.
There is lack of understanding of what it means to do secure development in embedded software. There are coding standards like SEI CERT which has gained traction, but with other guidelines like OWASP and CWE Top 25 there is uncertainty on how or when to apply them. In addition, there is still a prevailing misconception that security isn’t a developer issue and that it’s more of a networking issue. However, security needs to be considered from the get-go, in requirements, since you can’t patch security into a product. Software security remains an area of improvement for embedded development.
The trend towards adopting iterative and continuous processes persist to make strong progress in the development of embedded systems, but not without some resistance when compared to what is happening in the enterprise software space. Though CI/CD is a well-known must have in the development lifecycle, adopting Agile is still a struggle within the embedded safety-critical space. For example, hybrid approaches are being proposed to overcome difficulties in using Agile processes in this highly regulated environment.
Other fascinating observations are around technology and tools that support modern processes and methodologies. Linux for example has become the host development platform of choice and the demand for automation is generally for Linux. Likewise, adoption of continuous integration and deployment leveraging containers is gaining huge traction. Also, interestingly the term DevSecOps does not come up with attendees likely since security is not getting the appropriate priority in these new development approaches. Clearly, there remains an opportunity to help embedded software development teams merge security, safety (and standards) into Agile processes.
The biggest news from Embedded Word this year with regards to standards is the announcement of the MISRA C:2012 Amendment 2 release by the MISRA committee. The most significant parts in the amendment address concerns in the use of the 2011 and 2018 versions of the C language and guidance for using new features in each. There is also an update to MISRA Compliance:2020 which outlines the process of claiming compliance to the standard. Parasoft announced our immediate support for MISRA C 2012 Amendment 2.
Interesting tidbit of information to add, is the future merging of AUTOSAR C++ with MISRA C++ and the fact that the MISRA organization will take over the administration of the standard in the future. We did a roundtable discussion with our in-house experts in a previous post.
In general, at Embedded World awareness of safety-related coding standards amongst the attendees was high. However, there is less awareness of the security-related standards available, but SEI CERT seems to be the most recognized. Despite AUTOSAR C++14 and MISRA C 2012 having some coverage of security, developers are still interested in a dedicated standard like CERT C. This is a positive trend as it speaks to the desire and movement to improve the security of software, upfront, when developing the code.
The rigor in software development is compounded by the continued increase in complexity, connectivity and the growing requirement in complying to standardizations which address safety, privacy and security, so incorporating test automation into your organization and the application lifecycle is without doubt necessary. Companies realize they are in a time-to-market race to win the marketplace. Selecting the best development environment and test tools is helping them drive in that race. We have taken noticed of the move by many to using Linux as a preferred development platform in helping deployment and scaling in terms of capacity.
Compliance with functional safety standards is important in this market race which implies automation for verification and validation. Compliance applies to other embedded software tools vendors that play in the software development lifecycle, so they too are looking to integrate test automation into their solution. This race is also driving innovation from the best test automation leaders in the market. Without tooting our own horn too much, Parasoft was one of the few vendors announcing innovations at the show. During Embedded World, we announced new AI and machine learning enhanced static analysis capabilities and advancements in Parasoft C/C++test and Jtest for increasing structural coverage from unit testing through advanced code analysis for C/C++ and Java. This reduces the burden of testing efforts required by standards such as ISO 26262 (Automotive), DO-178B/C (Aerospace), IEC 62304 (Medical Devices), IEC 61508 (Functional Safety) and EN 50128 (Rail).
Figure 1: Example screenshot of the machine learning wizard from Parasoft’s machine learning powered static analysis
Although issues around quality, security and safety remain top of mind, one of the interesting issues that came up during the conference is the testing of AI and machine learning systems (for example, implemented as neural networks) in safety critical devices. Safety critical software relies on predictable behavior which is not what AI systems are designed to do. How to certify AI is going to be an interesting problem now and in the future. There were a number of sessions on recommended approaches to test AI systems, but no standard solution is available yet.
AI is a hot topic and mainly comes up in discussions around autonomous driving systems, There were multiple sessions at the conference that covered AI topics and in terms of software test automation, Parasoft was the only vendor announcing new AI capabilities (see our announcement above).
Parasoft announces new integrations with Polarion, codeBeamer, and Jira, for enhanced requirements traceability (and test management systems that plug in to Jira such as Xray.) These new bi-directional data exchanges close the gap between requirements and the tests that validate them, to offer full traceability down to the code being developed. These capabilities fulfill compliance to developing process standards such as ISO 26262 (Automotive), DO-178B/C (Aerospace), IEC 62304 (Medical Devices) and IEC 61508 (Functional Safety)
A common problem expressed was that development environment ecosystems for embedded development are fragmented which leads to the desire for tool chain components that plug-in to numerous available solutions. Attendees, especially on new projects, are moving away from one vendor, one platform approaches from requirements management to compilers and hardware.
All in all, Embedded World 2020 was a great conference that included many great discussions with customers and partners. There remains a general trend of focus on safety first but with the improving understanding of how it correlates to security. Parasoft made some important announcements regarding AI-driven test coverage analysis and support for the latest MISRA amendment. Artificial intelligence in general both in applications and tools remains is as an interesting area of discussion and will remain so in the future.
We look forward to seeing everyone again next year. In the meantime, for assistance with automated the testing of embedded systems, visit https://www.parasoft.com/request-a-demo/.
Sr. Technical Product Marketing Manager for Parasoft’s embedded testing solutions. He has expertise in the SDLC and test automation of embedded real-time, safety and security critical applications, and software compliance to industry standards.