The Embedded Frontier

#022 - 2026 Embedded Systems Trends

Embedded systems expert Jacob Beningo explores five major industry trends for 2026, focusing on how AI-assisted development, security requirements, and platform-based engineering are reshaping embedded software development. This comprehensive analysis covers emerging technologies and methodologies that microcontroller-based system developers need to understand to stay competitive in the evolving embedded systems landscape. Key Takeaways: • Use AI to create custom development tools rather than just copying code, potentially saving months of development time annually • Security is no longer optional due to regulations like CRA - threat modeling and secure boot processes are now requirements • Platform-based engineering is driving adoption of modern tools like CMake, VS Code, and Zephyr RTOS across silicon vendors • C++ continues gradual adoption in embedded systems, growing from 3% to 30% market share over 20 years while C remains dominant • Functional simulation techniques can reduce debugging time by 50%, saving significant development resources when combined with AI tools • Edge AI and tiny ML are poised for resurgence as microcontrollers gain more compute power and specialized processing units • DevOps adoption varies widely, with basic Git and compilation pipelines being minimum requirements for modern development • West manifest tools are becoming important for managing complex multi-repository platform projects • AI should enhance expertise rather than replace fundamental embedded systems knowledge and skills • Copy-paste culture threatens to erode deep embedded systems expertise needed for solving complex hardware-software integration issues

#021 - From Pray and Patch to Proactive: Modernizing Embedded Security

Visit our sponsor's website to learn more about their embedded security solutions at https://www.RunSafeSecurity.com/jacob  This episode explores the critical shift from reactive "patch and pray" security approaches to proactive embedded security strategies. Host Jacob discusses common vulnerabilities in embedded systems, real-world security threats from nation-state actors, and practical tools and processes developers can implement to secure their devices throughout the entire development lifecycle. Key Takeaways: • Memory exploits (buffer overflows, out-of-bounds reads/writes, use-after-free) are the most common embedded system vulnerabilities • Nation-state actors like Voltaifun are actively targeting critical infrastructure through embedded devices • Even simple connected devices like $20 coffee makers pose significant security risks through botnets and grid manipulation • Supply chain attacks have risen 700% in recent years, requiring secure programming and signed keys throughout manufacturing • Threat Model Security Analysis (TMSA) should be performed upfront to identify critical data and potential attack vectors • Hardware isolation using ARM TrustZone, multi-core processors, or memory protection units provides essential security layers • Software Bill of Materials (SBOM) helps track open source components and monitor for newly discovered vulnerabilities • Static and dynamic analysis tools should be integrated into CI/CD pipelines for continuous security monitoring • Security must be considered throughout the entire device lifecycle, from design to end-of-life decommissioning • Proactive security approaches using runtime protection tools are more effective than reactive patching strategies

#020 - Embedded DevOps with GitLabs Darwin Sanoy

In this episode of the Embedded Frontier podcast, host Jacob interviews Darwin from GitLab's field CTO office about the adoption and implementation of DevOps practices in embedded systems development. They explore the unique challenges embedded developers face when modernizing their workflows, including managing complex codebases with hundreds of millions of lines of code, compliance requirements, and the critical differences between software-only products and embedded systems where software is just one component of the final product. Key Takeaways: • Embedded systems require different DevOps approaches than pure software products since shipping software doesn't mean shipping the final product • Modern vehicles contain 650 million lines of code in 2025, up from 200 million just five years ago, creating new complexity management challenges • Three categories of embedded systems each need different DevOps strategies: digital disruptors, stable machines, and functional safety systems • Containerized builds and shared development environments eliminate "works on my machine" problems and create reproducible, auditable builds • Software supply chain security through Solza attestation provides traceability from source code to final artifacts • Compliance as code can automate many regulatory requirements like ISO 26262 and MISRA C++, reducing manual bottlenecks • AI integration at the platform level helps embedded developers onboard to DevOps without becoming DevOps experts • Continuous delivery (creating release-ready firmware) is more appropriate for embedded than continuous deployment to production • Automated testing and QA are crucial to prevent manual processes from becoming the limiting factor in development speed • Over-the-air updates in embedded systems require managed deployments with higher reliability than cloud container replacements

#019 – Modernizing Embedded Systems: Step #3 – Adopt DevOps

This podcast episode explores step three of modernizing embedded software development: adopting DevOps practices to solve the critical problem of late and over-budget project delivery in embedded systems. Host Jacob Beningo discusses the four core DevOps principles, presents a compelling case study of the Ariane 5 rocket failure that cost $500 million, and provides practical guidance for implementing CI/CD pipelines to improve software quality and delivery speed. Key Takeaways: • Only 35% of embedded development teams deliver projects on time, with most running 3-6 months late • DevOps focuses on incremental value delivery, improved collaboration, automation, and continuous improvement • The Ariane 5 rocket explosion ($500 million loss) could have been prevented with proper integration testing and CI/CD practices • Start DevOps implementation with automated builds using containers to create unified development environments • Enforce code quality and standards automatically within CI/CD pipelines using tools like Misra C/C++ • Implement regression testing to catch bugs early when they're easier and less costly to fix • Use metrics analysis to automatically identify tight coupling and potential bug locations in code • Artifact management ensures traceability and ability to deliver specific software versions to customers • Deployment automation should at minimum enable automatic hardware testing, even if not direct customer deployment • DevOps creates a value feedback loop between companies and customers through observability and telemetry

#018 - Zephyr RTOS with Brendon Slade

NXP's Brendan Slade discusses why major semiconductor companies are investing heavily in Zephyr RTOS, exploring how this open-source real-time operating system is transforming embedded development for IoT and edge computing applications. The conversation covers NXP's role as a founding platinum member of the Zephyr project, practical advice for developers evaluating RTOS options, and the collaborative ecosystem driving innovation in microcontroller software development. Key Takeaways: • Zephyr provides integrated middleware beyond just a kernel, unlike traditional RTOS options like FreeRTOS • NXP was a founding platinum member of Zephyr project to drive strategic direction for microcontroller enablement • Device tree configuration is the biggest learning curve hurdle, but once mastered, enables easy hardware portability • The Zephyr project has ~50 members including major OEMs from automotive, industrial, and consumer sectors • All code contributions require pull requests, tests, and peer review - no single company can force changes • Power management infrastructure is built into Zephyr drivers, enabling faster development of low-power applications • Training resources are available from multiple partners, and NXP offers Visual Studio Code extensions for easier development • The MCX N947 Freedom board (~$30) provides an excellent platform for exploring Zephyr capabilities • Future focus areas include AI enablement, cybersecurity compliance, and higher-level application frameworks • Companies should invest in device tree training first, then start with evaluation boards to assess portability benefits