The Role of Tools in Improving Embedded Software Security / Part 2: Security Improvement and the Software Development Lifecycle

Bill Graham

In many of my previous posts, I’ve discussed Wind River's 5+1 step improvement framework for embedded device security. By design, it’s meant to complement the software development lifecycle (SDLC) that our customers are using – the stages or phases how they define them and the processes they follow. It’s important for a discussion on tools to put them in the context of the SDLC to see where they apply and how they are useful beyond just the coding stage.

Figure 1 shows the relationship between the SDLC and our security improvement framework. The phase names and number of phases may change from customer to customer but the general idea remains the same. It’s important to note that the improvement framework is equally compatible with Microsoft’s Secure Design Lifecycle that is gaining traction amongst embedded developers too.

Continue reading >>