Between Software Innovation And Critical Security, Developers Often Make Compromises

There is mounting pressure on software engineers and developers to balance rapid innovation with safety and security. Three in four developers admit that deadline urgency often compromises functional safety, highlighting the tension between rapid innovation and maintaining certified, robust systems, new research from security software and services provider BlackBerry Ltd. indicates.

The survey of 1,000 embedded software developers and engineers revealed that frustration leads 74% of them to consider switching operating systems. While developers cite security (54%), cost control (52%) and safety certifications (48%) as their top considerations when selecting an OS, there are significant challenges in these areas that made the majority of respondents open to changing their existing OS.

Of those required to meet international safety standards, 61% said it is extremely or very challenging to meet these specific standards with their current OS. Security concerns (36%) and lacklustre performance issues (28%) are the two main reasons respondents are considering changing their current OS.

Open-source OS were the preferred foundational platform for 44% of developers, with an additional 25% indicating no preference for either open-source or proprietary offerings. Open-source platforms are often adopted within development environments due to widespread familiarity with the technology and their open availability.

However, critically, they do not carry the same safety certifications as many proprietary options, which go through verification and testing to ensure international safety requirements are met.

"Developers are under growing pressure to meet deadlines and budgets, which is why pre-certified software is so important to enabling organisations to not only meet their goals but do so without compromise," said John Wall, senior vice president and head of BlackBerry QNX.

Nearly a third of respondents admitted that their OS lacked the necessary safety certifications or only had ‘some’ of them covered. This gap has contributed to delays for two-thirds of organisations as they grapple with the complexity, time and cost—averaging $591,000 and 154 hours of company resources—needed to meet evolving safety standards.

Security also remains a pain point for developers, particularly for open-source OS, which are more likely to experience a breach (46% vs. 40% for proprietary systems). Of those who have encountered a security breach or vulnerability in their OS, 72% reported delays in project timelines due to security vulnerabilities.

"Pre-certified, secure-by-design solutions allow teams to focus on innovation rather than troubleshooting," said Wall.

While 73% of organisations prioritise OS security, the frequency of applying security patches varies, with an average of five weeks between updates.

Additionally, OS issues can have a significant impact on project timelines, with 34% of organisations reporting that they have missed deadlines due to OS-related problems, with the average delay globally being one month.