Barr Group's 2018 Embedded Systems Safety & Security Survey reveals an "Internet of Insecure Things"

February 21, 2018



More than 1 in 5 IoT Device Developers Fail to Spec Security as a Product Design Requirement.

Barr Group, The Embedded Systems Experts, will release the final analysis of its 2018 Embedded Systems Safety & Security Survey on February 27, 2018, at Embedded World in Nuremberg, Germany. Preliminary results reveal startling news regarding the state of security for Internet of Things (IoT) devices. Of the embedded systems developers working on internet-connected or IoT projects, 22 percent do not list security as a product requirement for their current project. With the growing number of hacks and cyberattacks threatening internet-connected devices, this statistic serves as a warning that security breaches and attacks will continue to plague the embedded system industry in the short-term future.

Completed by more than 1,700 qualified respondents, the 2018 Embedded Systems Safety & Security Survey was designed to gauge the state of product development practices of embedded systems engineers from around the world (46 percent from North America, 33 percent from Europe, 10 percent from Asia, and 11 percent from other geographies). Based on survey data from 2018 as well as results from prior years, the embedded industry is showing modest improvement when it comes to making security a design consideration during product development, rising six percentage points from 2016 to today’s 67 percent. However, with 33 percent of all embedded engineers and 22 percent of engineers designing internet-connected devices still neglecting to focus on security during product design, the IoT continues to be an “Internet of Insecure Things.”

“Prioritizing security in every internet-connected embedded device is essential to maintaining the integrity of the IoT,” said Barr Group CTO Michael Barr. “As also indicated by our survey, for both new internet-connected and non-internet-connected projects, developers are increasingly designing applications that use more than four CPUs per system. These complex systems significantly increase the potential attack surface and are inherently more difficult to secure. Failing to focus on security during the design process, especially for internet-connected devices, may be putting the entire network and potentially the devices’ end users at risk.” According to the 2018 survey, 25 percent of developers designing products for the IoT are working on devices that could kill or injure people if hacked.

Further compromising the state of IoT security, survey results reveal that engineers developing IoT devices are still neglecting to implement industry-recommended design practices known to raise security levels of embedded systems. Of the engineers designing internet-connected devices:

• 54% lack regular code reviews

• 49% fail to perform static analysis

• 33% lack a written coding standard

• 17% lack a bug database

In addition, the survey found that fewer than half of all embedded engineers designing for the IoT encrypt their data. “These results are highly concerning,” Barr concluded. “Although there has been a modest increase in focus on embedded systems security during product design, we still have more work to do.”

2018 Barr Group Embedded Systems Safety & Security Survey Results at Embedded World

Join Barr Group at Embedded World in Nuremberg, Germany, February 27–March 1, 2018, for two special presentations highlighting more detailed results from the 2018 Embedded Systems Safety & Security Survey.

The following presentations by Barr Group CTO Michael Barr will take place at the Open Systems Media Embedded Pavilion located in Hall 3A, Stand 507:

The complete 2018 Embedded Systems Safety & Security Analysis report will be available for download on February 27, 2018.





Barr Group, The Embedded Systems Experts, Embedded C Coding Standard, Embedded Systems Safety & Security Survey, Embedded Software Boot Camp, Embedded Android Boot Camp, and Embedded Security Boot Camp are trademarks or service marks of Integrated Embedded, LLC d/b/a Barr Group.


Media Contact:


Angie Hatfield


Hughes Communications, Inc.


(425) 941-2895

