The rapid growth of the IoT market has put huge pressure on the software development process. Not only do connected devices need to be brought to market fast, be cost effective and work efficiently; they often also require regular software updates and, in many cases, must comply with safety and security standards.
By Chuck Gehman, Perforce Software.
From driverless cars and medical devices, through to domestic lighting and home entry systems, IoT products have become part of everyday life, with each of them containing one or more on-board computers, however tiny or basic. Both in our personal and professional lives, the volume of IoT devices involved in everyday activities is only going to increase. This is why it is so important to get a secure, solid foundation of software development practices and tools in place, because as the IoT reaches critical mass, the number of risks potentially increases.
Long before the IoT, undetected defects introduced during software development were already the point at which the majority of vulnerabilities originate. These can lead to later problems, including product errors and failure, or even provide the entry point for a malicious attack from a hacker.
Ensuring the security and quality of code and other assets is already a big focus in safety-critical markets, such as automotive and healthcare systems. However, there needs to be emphasis on the security of even the most seemingly innocuous of consumer products, because they could be the ingress point for bigger problems.
For instance, in the Mirai botnet incident, hackers took over a large number of IoT devices and routers by using the passwords that were hard-coded in the factory. It was recently discovered by a ‘whitehat hacker’ that a popular lightbulb could be easily hacked to gain access to the user’s home WiFi password. From there, a hacker or criminal could unlock the doors of a house’s entry system or turn off the security system.
In 2018, a hacker gained access to 50,000 connected printers to send a message urging people to subscribe to blogger PewDiePie’s YouTube channel. While that sounds relatively harmless, the principle is the same: insecure IoT devices can jeopardise the security and safety of people, buildings and networks.
There are several reasons why creating secure, robust IoT software is hard.
First, software developers have traditionally not focused on security — after all, these are creative people under a lot of pressure — though that is changing. Similarly, the way that many of them have worked in siloes has until recently made it difficult for the rest of the business to have insight into the software development process. Fortunately, that work culture is changing (more on that later).
Second, whichever language is used, code can be hard to understand unless a developer is experienced, living and breathing it every day. Design decisions taken while coding can introduce errors, a typical one being the accidental overwriting of memory. That is a vulnerability that can lead to performance problems or be exploited in the future.
Third, IoT teams are under huge pressure to deliver products fast, and in consumer markets that can also mean an emphasis on doing it as cheaply as possible to keep the cost of the finished item to a minimum. What often happens when time is running out is that more people are thrown into the team. While that may sound like an effective way to meet a deadline, it can also introduce its own problems, for instance relying on people who are less experienced, or putting more pressure on senior developers.
‘Born-in-the-web’ companies typically have the advantage here, because they have been able to introduce sound software development processes from scratch. For more traditional organisations coming from hardware-based backgrounds, adapting to the new world can be a lot harder, not just in terms of processes and tools, but also in terms of legacy attitudes within the company culture that can create resentment or roadblocks.
Fortunately, there is a lot that can be done, and is already being done by many organisations, to improve IoT software development. A good example is the growing adoption of coding standards, which are already well established in many safety-critical industries. These are sets of rules that give software engineering teams the guidance and confidence to know that the code they are writing is safe and compliant. Coding standards are often governed by industry associations or standards bodies. For instance, MISRA and AUTOSAR provide such rules for the C and C++ languages. While both are widely adopted in the automotive industry, they can be — and are — used in other industries. MISRA and AUTOSAR are also in the process of merging.
Similarly, CERT (Computer Emergency Response Team), part of Carnegie Mellon University's Software Engineering Institute, develops secure coding standards for C, C++ and Java through a broad-based community effort. This includes members of the software development and software security communities. CERT secure coding standards cover guidelines for avoiding coding and implementation errors as well as low-level design errors.
To make adherence to coding standards a less daunting task for busy software developers, coding standards can be applied using static code analysis tools. These inspect the code, right from the beginning of a project. Static analysis can be deployed both inside and outside the Integrated Development Environment (IDE), so that code is inspected while it is being authored, during Continuous Integration (CI) test and build stages, as well as in later integration and delivery stages.
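The memory-overwrite defect mentioned earlier is exactly the kind of pattern static analysis tools and standards such as MISRA and CERT are designed to flag. The following is an added example, not code from the article or from Perforce: a fixed-size device name buffer, the unbounded copy that a checker would report (kept only to show the "before", never called with oversized input), and a bounded replacement that rejects input that does not fit. The buffer size, function names and sample device names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size of a device-name field in a hypothetical IoT config record. */
#define NAME_LEN 16

/* "Before": copies the whole source string regardless of length.
 * A name of NAME_LEN characters or more runs past the end of dst and
 * overwrites whatever sits next to it in memory. Static analysers and
 * CERT/MISRA rules flag unbounded strcpy() into a fixed buffer. */
int copy_name_unbounded(char dst[NAME_LEN], const char *src) {
    strcpy(dst, src);   /* no length check: the defect */
    return 0;
}

/* "After": only copies when the string plus its terminator fits in dst.
 * Returns 0 on success, -1 when the caller passed bad pointers or a
 * name that would not fit; the caller must handle the failure. */
int copy_name_bounded(char *dst, size_t dst_len, const char *src) {
    if (dst == NULL || src == NULL || dst_len == 0) {
        return -1;
    }
    /* Measure src, but never read more than dst_len bytes of it. */
    size_t n = 0;
    while (n < dst_len && src[n] != '\0') {
        n++;
    }
    if (n == dst_len) {
        return -1;          /* no room for the NUL terminator */
    }
    memcpy(dst, src, n + 1); /* n characters plus the terminator */
    return 0;
}

/* Stand-alone demo with constructed device names. */
int main(void) {
    char name[NAME_LEN];
    const char *samples[] = {
        "lightbulb-01",                 /* fits */
        "exactly15chars!",              /* fits: 15 chars + NUL */
        "this-name-is-much-too-long",   /* rejected */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (copy_name_bounded(name, sizeof name, samples[i]) == 0) {
            printf("accepted: %s\n", name);
        } else {
            printf("rejected: %s (does not fit in %d bytes)\n", samples[i], NAME_LEN);
        }
    }
    return 0;
}
```

The bounded version makes the failure explicit and forces the caller to decide what to do with an oversized name, which is what a checker enforcing CERT's string-handling rules expects to see; the unbounded version compiles cleanly, which is precisely why tooling rather than compiler errors is needed to catch it.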
Continuous testing aims to unearth any problems as early as possible, giving developers rapid feedback and helping the business manage any quality-associated risks. It also incorporates dynamic testing of software throughout the development process. Continuous testing fits in well with the shift-left concept, which can give developers near real-time feedback, rather than waiting for problems to be identified by QA or test managers later, when they are harder and more costly to fix and result in delays in product development.
To reduce the additional workload on developers, automated testing is on the rise, and it also helps to reduce the risk of human error. However, it is simply not viable to automate and test everything (at least, not yet), so it is more important to identify and execute the most relevant tests. Also, the introduction of codeless testing and AI-based tools means that testing is within reach of more people, without their having to be trained or become test experts.
Good visibility, transparency and traceability have long been a foundation of software development practice. Being able to see the status of every change across a project — who did what, when, where and how — both in real time and in retrospect has some powerful benefits. It is easier to discover any issues and deal with them promptly, to roll back to a previous version of the software to find the source of a problem and fix it, or to provide evidence for compliance purposes. Achieving what is sometimes referred to in the software business as a ‘single source of truth’ is typically done using a version control system, which is used in the overwhelming majority of software projects in one form or another.
Agile and hybrid project management tools, together with application lifecycle management (ALM) tools, provide traceability from design through to delivery, so managers and security teams can trace test execution back to requirements. They can see how outcomes match specifications, or what changes have been introduced, to help reduce risk and maintain code quality.
Last but not least, adopting new development methodologies can help create a more collaborative and transparent working environment. For instance, with Agile, individuals and teams understand their roles within the bigger picture of a project. Agile has long been popular in the games industry, but it is increasingly being chosen even within compliance-driven markets, often using hybrid versions of Agile. Alongside Agile often sits DevOps, the aim of which is to break down the traditional barriers between development and operations teams.
All these ‘best practice’ steps will go a long way towards making sure that the software driving the IoT is high quality, safe and as secure as possible. Nor is there any time to lose: in parallel with the growth of the IoT is the well-publicised explosion of security threats.
Getting the right processes, tools and methodologies in place as soon as possible makes sound IoT sense.