Nearly half of IoT projects don't test for software security

Despite the fact that third party code in IoT projects has grown 17 percent in the past five years, only 56 percent of OEMs have formal policies for testing security.

A report from security testing and software research company GrammaTech, based on findings from a VDC Research survey, reveals that this is despite 73.6 percent of respondents saying security is important, very important or critical.

"Commercial third-party code, which is the fastest growing component software within the IoT market, can contain both proprietary and open source components," says Andy Meyer, chief marketing officer for GrammaTech. "Lack of visibility into this ‘software bill of materials' poses security and safety risks. With binary software composition analysis, organizations can know exactly what's inside their applications and address vulnerabilities before releasing new products."

Among other findings are that security ranks as the second most cited development challenge facing IoT devices, yet only 56 percent of organizations have formal policies and procedures for testing the security of IoT devices.

Security is now the most important factor (30.3 percent) in selecting software composition analysis (SCA) tools which were originally developed for auditing IP compliance with licensing agreements. Organizations using SCA report using 10 percent more third party software code (64.2 percent) in their projects compared to those not using SCA (53.8 percent). In addition SCA users say they are 65 percent more likely to finish their project ahead of schedule (57 percent) than those not using SCA (34 percent).

You can read more on the GrammaTech site.

Image credit: Jirsak / Shutterstock