Embedded World 2017
Embedded World 2017 is the leading international fair for embedded systems. The event covers topics such as: security for electronic systems, distributed intelligence, the Internet of Things or e-mobility, and energy efficiency. Discover with 1,700 other conference participants the innovations from the embedded sector, meet experts, and acquire new customers. Speakers and exhibitors from 42 countries will be presenting subjects exposing a variety of ideas for solutions and their experiences dealing with embedded systems.
Abstract: How do you achieve robust software security when the complexity and scale of embedded systems outpaces existing techniques? The recently released MISRA C:2012 Amendment 1 provides the answer: By taking secure coding guidelines from the committee responsible for the C Standard, MISRA sets out rules that cover potentially insecure expressions, libraries, and resources that apply to all embedded domains (on top of already existing rules in the full MISRA standard). The question is, how do you implement these rules?
This session takes a detailed journey through the design, implementation, and testing of the update of a static code analysis tool to include MISRA C:2012 Amendment 1. Distilling development artifacts, code samples, and industry research, this paper helps understand specific MISRA security rules and provides best practices for writing your own validation tests to improve code security.
By understanding the MISRA rules and these practices, development teams are better positioned to combat security threats earlier, by detecting and mitigating potential vulnerabilities in the coding cycle at the most cost-effective stage of development.
Abstract: Enterprises from small to very large embrace open source software as part of their embedded developer's toolkit. The path to faster code is clear. But at what risk? In embedded software, risk can equate to late releases, over-budget projects, and in some cases, casualties to life and limb. It's a classic risk versus reward scenario. But do embedded developers know how to estimate the risks?
According to a recent survey of developers, 67 percent said they are not sure if there's a policy for source code, or don't know what it is. Either way, there's room for education. And, policies can only cover the known risks.
With a complex – and lengthy – supply chain for most embedded development, each software contributor needs to better understand the landscape, the true costs, risks, and how to make the right decisions for when – and how – to use open source software.
This session discusses the most effective uses of open source software; how to maintain MISRA, CWE, OWASP, and other standards compliance across all code sources; how to avoid license risk; and reduce critical safety and security issues. Those involved in developing embedded software will have the right understanding, be able to ask the right questions, and leverage OSS to gain the most while risking the least.
Abstract: With mission- and safety-critical software, you need to know what's in your code, as fixing defects in the field is either impossible or leads to staggering costs. Confidence in your code is even more critical when using open source code, as it's rarely a single function causing the open source problem, it's a combination of architecture, configuration, or packages.
We've seen the use of open source software grow in embedded devices from automotive infotainment systems to wearables to medical devices, including the development environments that support them. This session shows you the most common uses for open source in embedded software development environments discussing industry trends and how they are used for continuous integration, build functions, databases, tools, and on the target device. Learn how packages such as CentOS, OpenSSL, Ubuntu, and more are used to provide innovative features that are industry-accepted and cost effective.
For each use case we industry data on architecture, usage, and common issues to provide best practices for embedded open source including security, performance, and support.
March 14 - 16, 2017
Nuremberg Convention Center | Nuremberg, Germany