The Embedded Frontier

Visit our sponsor's website to learn more about their embedded security solutions at https://www.RunSafeSecurity.com/jacob This episode explores the critical shift from reactive "patch and pray" security approaches to proactive embedded security strategies. Host Jacob discusses common vulnerabilities in embedded systems, real-world security threats from nation-state actors, and practical tools and processes developers can implement to secure their devices throughout the entire development lifecycle.Key Takeaways:• Memory exploits (buffer overflows, out-of-bounds reads/writes, use-after-free) are the most common embedded system vulnerabilities• Nation-state actors like Voltaifun are actively targeting critical infrastructure through embedded devices• Even simple connected devices like $20 coffee makers pose significant security risks through botnets and grid manipulation• Supply chain attacks have risen 700% in recent years, requiring secure programming and signed keys throughout manufacturing• Threat Model Security Analysis (TMSA) should be performed upfront to identify critical data and potential attack vectors• Hardware isolation using ARM TrustZone, multi-core processors, or memory protection units provides essential security layers• Software Bill of Materials (SBOM) helps track open source components and monitor for newly discovered vulnerabilities• Static and dynamic analysis tools should be integrated into CI/CD pipelines for continuous security monitoring• Security must be considered throughout the entire device lifecycle, from design to end-of-life decommissioning• Proactive security approaches using runtime protection tools are more effective than reactive patching strategies

In this episode of the Embedded Frontier podcast, host Jacob interviews Darwin from GitLab's field CTO office about the adoption and implementation of DevOps practices in embedded systems development. They explore the unique challenges embedded developers face when modernizing their workflows, including managing complex codebases with hundreds of millions of lines of code, compliance requirements, and the critical differences between software-only products and embedded systems where software is just one component of the final product.Key Takeaways:• Embedded systems require different DevOps approaches than pure software products since shipping software doesn't mean shipping the final product• Modern vehicles contain 650 million lines of code in 2025, up from 200 million just five years ago, creating new complexity management challenges• Three categories of embedded systems each need different DevOps strategies: digital disruptors, stable machines, and functional safety systems• Containerized builds and shared development environments eliminate "works on my machine" problems and create reproducible, auditable builds• Software supply chain security through Solza attestation provides traceability from source code to final artifacts• Compliance as code can automate many regulatory requirements like ISO 26262 and MISRA C++, reducing manual bottlenecks• AI integration at the platform level helps embedded developers onboard to DevOps without becoming DevOps experts• Continuous delivery (creating release-ready firmware) is more appropriate for embedded than continuous deployment to production• Automated testing and QA are crucial to prevent manual processes from becoming the limiting factor in development speed• Over-the-air updates in embedded systems require managed deployments with higher reliability than cloud container replacements

This podcast episode explores step three of modernizing embedded software development: adopting DevOps practices to solve the critical problem of late and over-budget project delivery in embedded systems. Host Jacob Beningo discusses the four core DevOps principles, presents a compelling case study of the Ariane 5 rocket failure that cost $500 million, and provides practical guidance for implementing CI/CD pipelines to improve software quality and delivery speed.Key Takeaways:• Only 35% of embedded development teams deliver projects on time, with most running 3-6 months late• DevOps focuses on incremental value delivery, improved collaboration, automation, and continuous improvement• The Ariane 5 rocket explosion ($500 million loss) could have been prevented with proper integration testing and CI/CD practices• Start DevOps implementation with automated builds using containers to create unified development environments• Enforce code quality and standards automatically within CI/CD pipelines using tools like Misra C/C++• Implement regression testing to catch bugs early when they're easier and less costly to fix• Use metrics analysis to automatically identify tight coupling and potential bug locations in code• Artifact management ensures traceability and ability to deliver specific software versions to customers• Deployment automation should at minimum enable automatic hardware testing, even if not direct customer deployment• DevOps creates a value feedback loop between companies and customers through observability and telemetry

NXP's Brendan Slade discusses why major semiconductor companies are investing heavily in Zephyr RTOS, exploring how this open-source real-time operating system is transforming embedded development for IoT and edge computing applications. The conversation covers NXP's role as a founding platinum member of the Zephyr project, practical advice for developers evaluating RTOS options, and the collaborative ecosystem driving innovation in microcontroller software development.Key Takeaways:• Zephyr provides integrated middleware beyond just a kernel, unlike traditional RTOS options like FreeRTOS• NXP was a founding platinum member of Zephyr project to drive strategic direction for microcontroller enablement• Device tree configuration is the biggest learning curve hurdle, but once mastered, enables easy hardware portability• The Zephyr project has ~50 members including major OEMs from automotive, industrial, and consumer sectors• All code contributions require pull requests, tests, and peer review - no single company can force changes• Power management infrastructure is built into Zephyr drivers, enabling faster development of low-power applications• Training resources are available from multiple partners, and NXP offers Visual Studio Code extensions for easier development• The MCX N947 Freedom board (~$30) provides an excellent platform for exploring Zephyr capabilities• Future focus areas include AI enablement, cybersecurity compliance, and higher-level application frameworks• Companies should invest in device tree training first, then start with evaluation boards to assess portability benefits

SummaryIn this episode of the Embedded Frontier Podcast, Jacob Beningo dives into modernizing embedded software architecture—the second step in his seven-step framework for building faster, smarter firmware. He explores why most legacy architectures turn into “giant balls of mud,” how tightly coupling software to hardware holds teams back, and the four architectural dimensions you must consider: characteristics, principles, decisions, and structure.Jacob also shares controversial yet practical perspectives, including his philosophy that “there is no hardware, only data,” and why data—not hardware—should dictate design. From architectural decision records (ADRs) to adopting a top-down approach with the 4C model, this episode provides actionable insights for designing scalable, maintainable, and future-ready embedded systems.TakeawaysAvoid spaghetti code: Emergent architectures rarely scale; intentional design upfront is critical.Define architecture characteristics: Select 3–7 key qualities (e.g., modularity, scalability, robustness) to guide decisions.Establish design principles: Adopt philosophies like “data dictates design” and “there is no hardware, only data.”Capture architectural decisions: Use ADRs to record trade-offs and prevent wasted rework.Think top-down: Use the 4C model (Context → Containers → Components → Classes) instead of bottom-up hardware-first design.Abstract hardware: Decouple hardware details from application logic for scalability and reusability.Prepare for change: Modern IoT and ML-driven systems demand flexible, forward-looking architectures.Keywordsembedded systems, software architecture, modularity, scalability, ADR, design principles, data dictates design, hardware abstraction, IoT, DevOps, test-driven development, modern firmware, top-down design, containers, 4C model