Black Duck’s new report, "The State of Embedded Software Quality and Safety 2025," presents key findings from a survey of 785 embedded software professionals. The report highlights two major shifts in the embedded software landscape: the widespread adoption—and dangerous lack of governance—of AI tools, and the rise of the software supply chain as a core business function, transforming Software Bills of Materials (SBOMs) into a crucial commercial requirement.
The report also explores the evolving role of embedded developers, the persistent tension between speed and quality, and the fragmented nature of compliance standards among firms engaged in embedded software development. And it offers actionable recommendations for technical leaders, managers, and security and compliance professionals to address the unique challenges of embedded software development. Here are some of the key questions addressed in the report.
A significant 89.3% of companies are already using AI code assistants, and 96.1% are integrating open source AI models directly into their products, often for core functions like data processing, computer vision, and process automation.
However, this rapid adoption is dramatically outpacing governance. Over 21% of organizations are not confident they can prevent AI from injecting flaws or other issues into their code. And 18% are aware of their developers using AI tools against company policy, posing significant unmanaged security, licensing, and IP risk.
SBOMs have evolved from a niche compliance concern to a mainstream commercial requirement. Over 70% of organizations involved with embedded software development are now required to produce an SBOM, primarily driven by customer or partner requirements (39.4%), significantly surpassing industry regulation requirements (31.5%). The market is demanding deep transparency into software supply chains, making SBOMs a tool for competitive advantage.
The "manager/engineer reality gap" refers to a stark perception difference between management and hands-on developers regarding project success and quality. This gap represents a significant source of hidden risk within organizations, as it can mask underlying quality issues and deferred liabilities.
The report shows that while 86% of VPs and directors are optimistic about on-time, on-quality releases, only 56% of hands-on developers share that sentiment. The report notes that managers may see a product shipped on time as a win, while engineers are acutely aware of the painful compromises, shortcuts, and technical debt incurred to meet deadlines.
The job description for an embedded developer is rapidly changing. While C languages remain foundational, there is a clear trend toward the adoption of memory-safe languages. A significant 80.4% of companies have already adopted memory-safe languages like Rust, Go, C#, Swift, and Python, either for new projects or by transitioning existing C++ projects.
The top concern among respondents regarding software released with defects is the potential “impact on safety or the environment” (19.62%). This response highlights the critical nature of embedded systems, where malfunctions can have serious real-world consequences. Other significant concerns include the cost of patching defects in the field (19.36%), damage to company reputation (17.58%), and loss of intellectual property (16.69%). All these concerns underscore the high stakes involved in embedded software quality and safety.
Organizations are adopting a “shift-everywhere” strategy for software supply chain management. Software composition analysis (SCA) is now standard practice, with scans happening at every stage: with every build (39.1%), on every pull request (38.9%), and even within the developer's integrated development environment (IDE) (34.9%).
More than half of all companies (54.4%) are actively scanning for license obligations in code snippets that developers copy and paste into proprietary code. This is crucial because even small pieces of code can carry significant IP and license risks.
Download the full report to learn more about the above findings, as well as
Download your complimentary copy of "The State of Embedded Software Quality and Safety 2025" today.