See Jack Ganssle’s discussion on the report here: https://www.embedded.com/electronics-blogs/break-points/4208881/2010-VDC-survey-of-embedded-software. A couple items stand out for us, as a company providing open source embedded ssl:
1. 46% of embedded developers are using a TCP/IP stack. What we’d like to know is the subset of those developers using SSL. If embedded ssl usage maps to general ssl usage studies, it would be about 1-2%. That means a whole lot of devices in a whole lot of places are subject to man in the middle attacks, and worse.
1. The survey also tells us that about 20% of the developers are using open source in some fashion, but it does not tell us why they chose open source. In any event, 20% is a good start! We’d like to pull out our soap box and lecture on why open source produces higher quality software faster than legacy proprietary approaches, but that argument is well documented elsewhere.