IoT
often using many different systems, tools, and types of digital
assets.
Critical Mass
With many different versions of a device in use, including legacy
products that will need to be supported for their entire lifetime,
software updates are frequent. This has driven the sheer speed
and volume of software-based product development to
an unprecedented scale.
As IoT moves toward the mass market, we will see companies
striving to introduce cheaper products, which means
products with less memory and processing power. To still give people
the performance they want, companies will need to optimise
software without overlooking security. There is a chance in
those situations that software development will become slower,
more expensive, and riskier.
As IoT has become more mainstream, there has been an
increase in expert ‘bad guys’ ready to exploit vulnerabilities.
This is why many organisations involved in IoT are reviewing
their development processes, team culture, methodologies,
and tools to ensure that they are efficient, effective,
and secure.
Best Practices
For many of these organisations, the starting point is achieving
better insight into the software development process. Knowledge
of what is working — or what is not — makes it easier to
prioritise what needs to be fixed.
For instance, coding standards — already common in safety-critical
and compliance-driven industries — are being more
widely adopted. The idea is simple: Coding standards are sets
of rules or guidelines for software engineering teams to observe.
This gives them the confidence that the code they are creating
is safe and compliant. To avoid creating additional workload for
developers, coding standards are usually applied using static
analysis tools.
Static analysis tools have long been used by traditional software
development teams to continually inspect code for errors.
Teams can use the tool right from the very start of a development
project. The benefit of this practice is that the earlier a
problem is discovered, the easier (and less expensive) it is to fix.
What’s more, static analysis can be deployed both inside and
outside the Integrated Development Environment (IDE), so that
code is inspected across both the build and execution stages.
Keeping It Continuous
Another big trend in software development is continuous testing.
Testing has evolved from a routine ‘tick-in-the-box’ exercise
to being at the heart of good software development. By testing
early, often, and throughout the development process, developers
can receive faster feedback. Also, the business can better
identify quality-associated risks, such as bug fixes or new
features.
Continuous testing fits in well with another popular concept,
Shift Left. The concept involves developers
taking on more responsibility for
testing before the software goes to QA managers or
test engineers.
However, it is important not to confuse
continuous testing with high test
coverage, which lets developers know
how much of their code is covered by
automated tests. Using test automation
tools helps to identify and execute the
most relevant tests. While most organisations
that use continuous testing are
not 100 per cent automated yet, the
percentage is increasing. What’s more,
the introduction of codeless testing and
AI-based testing means that the skillsets
are within reach of a far greater audience.
No longer do individuals or teams
have to become testing experts.
Visibility, Transparency, and Traceability
Development teams always need to be able to see the status of
every contributor and change across a project, both in real-time
and historically. This practice is often referred to as a ‘single
source of truth.’ The idea is that at any time, it is possible to see
who did what, when, where, and how. It is useful both for organisations
that need to be compliant and for those in regulation-light
markets, such as games development.
This is because when a problem becomes apparent (like a
bug), it is possible to not only pinpoint when and how it originated,
but to also roll back to an earlier version of the software.
A version control system can also show the interdependencies
with other assets that are not code based, such as build
artifacts, configuration data, and even graphics, sound, and
movies.
Culture
Software development approaches need to complement the
wider set of security tools and services, such as penetration
testing. Development teams also need to consider code quality
and security at each stage of development. These days, there
is too much at stake to risk compromised code. Fortunately,
there are a growing number of ways to address the challenges
involved with managing code in the IoT era.
www.perforce.com
18 Embedded September 2019 www.eenewsembedded.com News @eeNewsEurope