
Commercial third party code creating security blind spots
2021-05-18 04:00

Although third party code in IoT projects has grown 17% in the past five years, only 56% of OEMs have formal policies for testing security, VDC Research reveals.

"With more complex software supply chains becoming the norm, organizations are leaning on these third party assets to accelerate their internal software development, which creates security blind spots," said Chris Rommel, EVP, IoT & Industrial Technology for VDC Research.

Commercial third party code sources posing security risks.

IoT developers are drawing from a vast pool of third party code sources, each bringing its own potential IP and security baggage.

Commercial third party code use in IoT projects grew 17% from 2015 to 2020, with in-house developed code dropping from 55.9% to 48.4%. Security ranks as the second most cited development challenge facing IoT devices, yet only 56% of organizations have formal policies and procedures for testing the security of IoT devices.

Organizations using software composition analysis (SCA) reported using 10% more third party software code in their projects compared to those not using SCA. SCA users said they were 65% more likely to finish their project ahead of schedule than those not using SCA. "Commercial third party code, which is the fastest growing component software within the IoT market, can contain both proprietary and open source components," said Andy Meyer, CMO for GrammaTech.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/xlgyb-Ykw9Q/