Tools

57 articles

The Role of Tools in Improving Embedded Software Security / Part 2: Security Improvement and the Software Development Lifecycle

By Bill Graham In many of my previous posts, I’ve discussed Wind River's 5+1 step improvement framework for embedded device security. By design, it’s meant to complement the software development lifecycle (SDLC) that our customers are using – the stages or phases how they define them and the processes they follow. It’s important for a discussion on tools to put them in…

The Role of Tools in Improving Embedded Software Security / Part 1: Automation is the Key

By Bill Graham Security Vulnerabilities are Expensive Shipping security vulnerabilities in a finished product and having them discovered or worse, exploited, is a very expensive proposition for embedded device vendors. As I’ve discussed in an earlier post, security defects are much more expensive to patch and fix the later they are discovered. If you’re lucky to catch a vulnerability during…

Open source in Medical Devices: Part of the Cure or Part of the Disease?

By Ido Sarig The Economist recently published a very interesting article on the merits of open source in medical device development, which raises some questions and sparks an important discussion.  In general, it is more common to see open source adoption in non-regulated industries. However, we are seeing it more and more in regulated industries primarily because it encourages rapid…

Diab Compiler Adding Support for new Infineon TriCore AURIX Microcontrollers

By Graham Morphew Infineon Technologies recently announced their next generation family of 32-bit TriCore™ microcontrollers for automotive applications.  The new architecture is called AURIX™ (AUtomotive Realtime Integrated neXt generation architecture) and it supports multi-core architectures of up to three independent TriCore CPUs.  The feature set of this new AURIX family is a perfect match for powertrain applications, electric vehicles as well as steering, braking,…

Detecting security problems – using static analysis to catch them early and less expensively

By Bill Graham In my previous post I discussed the potential benefits in quality and costs that static analysis brings to software development. In addition to common coding errors, many of the bugs found by static analysis are potential security defects as well.  Buffer overflow, OS command injection, unrestricted string format and integer overflows are among the top 25 most dangerous security coding defects…

Using Static Analysis to Improve Product Quality, Earlier and Cheaper

By Bill Graham Fixing bugs is expensive. Fixing bugs is more expensive the later you leave them, in fact, its been shown to cost a magnitude higher with each major phase of development. The famous defect cost chart from Capers Jones shows the cost of a bug going from $25 at the coding phase to $16,000 in development.  Not only that,…

Introducing Performance Studio

By Emeka Nwafor What is Performance Studio? Is it: 1. Some kind of hair product 2. A new "clinic" for MLB players 3. Full name: : Wind River Linux Performance Studio for Intel® Architecture; a new add-on product for Wind River Linux that helps you get the most performance out of your embedded Linux device software running on Intel hardware  If you correctly answered…

Hacking Insulin Pumps for Fun and Profit

By Ido Sarig Last month, I had the opportunity to take part in the Amphion Medical Forum in Minneapolis, where the theme was security challenges facing Medical devices. Amphion is a forum that brings together thought leaders from academia, business, government and technology, which was founded to provide a medium for these visionaries to define solutions to some of the…

A Medical Device Platform: Beyond the Operating System

By Bill Graham With the release of the new Wind River Platform for Medical Devices it's a good time to point out the breadth of products and services that make up a modern embedded solution suite. In fact, our medical solutions go well beyond the products that make up the Platform. The Platform for Medical Devices provides the main components: VxWorks…

Test Management 4.0: Reduce Risk by Understanding the Impact of Change

By Ido Sarig Big day today, we just announced the release of our latest version of Wind River Test Management, WRTM 4.0, the culmination of several years of hard work - kudos to our engineering team! In the coming weeks, I will be covering many of the new features of WRTM 4.0 in detail in a series of separate posts,…