Eighty-nine percent of organizations use AI coding assistants, while 39% restrict their use to certain developers. Ninety-six percent integrate open-source AI models into products. Rapid adoption is outpacing governance and security measures: 21% lack confidence in their ability to prevent AI from introducing vulnerabilities, and 18% are not confident in managing open-source license risks from AI-generated code. Risk concerns are elevated for embedded systems that could affect human safety. Python leads embedded-system languages (27%), followed by C++ (26%), Java (22%), and JavaScript (21%). SCA usage and SBOM production have increased, with 71% producing SBOMs.
A survey of 785 development and security professionals working on embedded systems published this week finds 89% of organizations are already using artificial intelligence (AI) coding assistants, but 39% also noted that only certain developers are allowed to use them. Conducted by Censuswide on behalf of Black Duck Software, the survey also finds that 96% of respondents are integrating open source AI models into their products. Unfortunately, rapid adoption appears to be outpacing the development of necessary governance and security measures, with 21% of respondents lacking confidence in their ability to prevent AI from introducing security vulnerabilities.
Corey Hamilton, senior solutions manager for Black Duck Software, said the survey makes it clear that while adoption of AI coding tools is high, there is a substantial amount of risk, especially if the embedded system is used in an application that could impact human safety. The simple fact of the matter is that the level of potential risk is being elevated, he noted. Too many business leaders, in the name of increasing productivity, have donned AI security blinders, added Hamilton.
Overall, the survey finds that Python is now the most widely used programming language by builders of embedded systems (27%), followed by C++ (26%), Java (22%) and JavaScript (21%). Usage of software composition analysis (SCA) tools is becoming more widespread, with scans occurring with every build (39%), on every pull request (39%), and within the integrated development environment (35%). A full 71% said their organizations can also now produce software bills of materials (SBOMs), driven primarily by customer and partner requirements (40%).