The Role of Tools in Improving Embedded Software Security / Part 1: Automation is the Key

Bill Graham

Security Vulnerabilities are Expensive

Shipping security vulnerabilities in a finished product and having them discovered or, worse, exploited is a very expensive proposition for embedded device vendors. As I’ve discussed in an earlier post, security defects become much more expensive to patch and fix the later they are discovered. If you’re lucky enough to catch a vulnerability during development, you can likely save your company and project thousands if not hundreds of thousands of dollars. Security vulnerabilities are costly not only in dollars but also in reputation and customer satisfaction.

On average, a vendor loses around 0.6 percent value in stock price when a vulnerability is reported. This is equivalent to a loss in market capitalization values of $0.86 billion per vulnerability announcement. – Telang & Wattal 2007
