Visit our sponsor's website to learn more about their embedded security solutions at https://www.RunSafeSecurity.com/jacob

This episode explores the critical shift from reactive "patch and pray" security approaches to proactive embedded security strategies. Host Jacob discusses common vulnerabilities in embedded systems, real-world security threats from nation-state actors, and practical tools and processes developers can implement to secure their devices throughout the entire development lifecycle.

Key Takeaways:

• Memory exploits (buffer overflows, out-of-bounds reads/writes, use-after-free) are the most common embedded system vulnerabilities
• Nation-state actors like Voltaifun are actively targeting critical infrastructure through embedded devices
• Even simple connected devices like $20 coffee makers pose significant security risks through botnets and grid manipulation
• Supply chain attacks have risen 700% in recent years, requiring secure programming and signed keys throughout manufacturing
• Threat Model Security Analysis (TMSA) should be performed upfront to identify critical data and potential attack vectors
• Hardware isolation using ARM TrustZone, multi-core processors, or memory protection units provides essential security layers
• Software Bill of Materials (SBOM) helps track open source components and monitor for newly discovered vulnerabilities
• Static and dynamic analysis tools should be integrated into CI/CD pipelines for continuous security monitoring
• Security must be considered throughout the entire device lifecycle, from design to end-of-life decommissioning
• Proactive security approaches using runtime protection tools are more effective than reactive patching strategies

In this episode of the Embedded Frontier podcast, host Jacob interviews Darwin from GitLab's field CTO office about the adoption and implementation of DevOps practices in embedded systems development. They explore the unique challenges embedded developers face when modernizing their workflows, including managing complex codebases with hundreds of millions of lines of code, compliance requirements, and the critical differences between software-only products and embedded systems where software is just one component of the final product.

Key Takeaways:

• Embedded systems require different DevOps approaches than pure software products since shipping software doesn't mean shipping the final product
• Modern vehicles contain 650 million lines of code in 2025, up from 200 million just five years ago, creating new complexity management challenges
• Three categories of embedded systems each need different DevOps strategies: digital disruptors, stable machines, and functional safety systems
• Containerized builds and shared development environments eliminate "works on my machine" problems and create reproducible, auditable builds
• Software supply chain security through Solza attestation provides traceability from source code to final artifacts
• Compliance as code can automate many regulatory requirements like ISO 26262 and MISRA C++, reducing manual bottlenecks
• AI integration at the platform level helps embedded developers onboard to DevOps without becoming DevOps experts
• Continuous delivery (creating release-ready firmware) is more appropriate for embedded than continuous deployment to production
• Automated testing and QA are crucial to prevent manual processes from becoming the limiting factor in development speed
• Over-the-air updates in embedded systems require managed deployments with higher reliability than cloud container replacements

Summary

In this episode of the Embedded Frontier Podcast, Jacob Beningo dives into modernizing embedded software architecture—the second step in his seven-step framework for building faster, smarter firmware. He explores why most legacy architectures turn into “giant balls of mud,” how tightly coupling software to hardware holds teams back, and the four architectural dimensions you must consider: characteristics, principles, decisions, and structure.

Jacob also shares controversial yet practical perspectives, including his philosophy that “there is no hardware, only data,” and why data—not hardware—should dictate design. From architectural decision records (ADRs) to adopting a top-down approach with the 4C model, this episode provides actionable insights for designing scalable, maintainable, and future-ready embedded systems.

Takeaways

• Avoid spaghetti code: Emergent architectures rarely scale; intentional design upfront is critical.
• Define architecture characteristics: Select 3–7 key qualities (e.g., modularity, scalability, robustness) to guide decisions.
• Establish design principles: Adopt philosophies like “data dictates design” and “there is no hardware, only data.”
• Capture architectural decisions: Use ADRs to record trade-offs and prevent wasted rework.
• Think top-down: Use the 4C model (Context → Containers → Components → Classes) instead of bottom-up hardware-first design.
• Abstract hardware: Decouple hardware details from application logic for scalability and reusability.
• Prepare for change: Modern IoT and ML-driven systems demand flexible, forward-looking architectures.

Keywords

embedded systems, software architecture, modularity, scalability, ADR, design principles, data dictates design, hardware abstraction, IoT, DevOps, test-driven development, modern firmware, top-down design, containers, 4C model

In this episode of the Embedded Frontier podcast, Jacob Beningo and Kyle Dando from NXP discuss the modernization of embedded software and firmware, focusing on the MCU Xpresso SDK. They explore the significant changes made to the SDK, including the adoption of CMake and KConfig, the introduction of West for managing software repositories, and the overall impact on developer workflows. The conversation also covers the migration path for existing users and future trends in embedded software development, emphasizing the importance of user feedback in shaping the SDK's evolution.

Takeaways

- Modern build systems are essential for embedded software development.
- The MCU Xpresso SDK packages low-level drivers and middleware for ease of use.
- Accessibility improvements were a primary focus in SDK modernization.
- CMake was adopted for its universal build capabilities and customer demand.
- West allows for efficient management of software from multiple repositories.
- KConfig simplifies project configuration and dependency management.
- Developers can choose between command line and IDE workflows.
- Migration to the new SDK is designed to minimize disruption for users.
- Future trends include support for new operating systems and ecosystems.
- User feedback is vital for continuous improvement of the SDK.

In this episode of the Embedded Frontier Podcast, Jacob Beningo discusses the importance of modernizing build systems in embedded software development. He outlines a seven-step framework for developing faster and smarter firmware, focusing on the need to overhaul build systems to keep pace with contemporary development practices. The conversation covers containerization, the adoption of tools like CMake and West, and the integration of AI technologies to enhance build processes and ensure flexibility and scalability in software development.

Takeaways

- Overhauling your build system is crucial for modern development.
- Build systems must adapt to contemporary software practices.
- Containerization provides a consistent build environment.
- CMake offers flexibility and modularity in builds.
- West helps manage multiple repositories effectively.
- Modern build systems should integrate with CI/CD workflows.
- Flexibility in workflows enhances developer productivity.
- AI can assist in transitioning to modern build systems.
- Scalability is essential for long-term software projects.
- A modern build system reduces stress and increases efficiency.

Keywords

embedded systems, build system, DevOps, CMake, containerization, software development, AI, firmware, modern architecture, CI/CD

Summary

In this episode of the Embedded Frontier Podcast, Jacob Beningo introduces a comprehensive framework for modernizing embedded systems development. He discusses the importance of adapting to modern techniques in firmware development, emphasizing the need for a shift in workflows, architectures, and tools. The episode outlines a seven-step process that includes modernizing build systems, improving software architecture, implementing DevOps practices, embracing test-driven development, leveraging simulation, adopting AI and machine learning, and establishing a metrics scoreboard to track progress. Each step is designed to help teams develop faster and smarter firmware, ultimately leading to more efficient and effective embedded systems development.


Takeaways

• Modernizing firmware is essential for efficient development.
• The seven-step modernization framework includes build systems, architecture, DevOps, testing, simulation, AI, and metrics.
• Modern build systems should support various developer tools and environments.
• Software architecture must be scalable and flexible, separating application code from hardware.
• DevOps is crucial for improving collaboration and speeding up development cycles.
• Testing should be prioritized, with an emphasis on test-driven development (TDD).
• Simulation can help developers test application code without hardware dependencies.
• AI and machine learning can enhance both on-chip processing and development workflows.
• Metrics are essential for tracking progress and identifying areas for improvement.

The framework aims to help teams deliver better products on time and within budget.

Keywords

embedded systems, firmware development, modernization framework, build systems, DevOps, test-driven development, simulation, AI, machine learning, metrics