A 2017 survey by the MPI Group found that just 47% of IoT manufacturers consider security during the conceptualization or design stage. Only 21% begin thinking about security during production, and 18% wait until the Quality Assurance (QA) phase. The remainder don't consider security until the marketing phase of their product.
Read the full survey results at the following link: https://www.bdo.com/getattachment/9adeb668-5c54-47b7-9108-08ad37fe6fd3/attachment.aspx.
This data backs up what we have already seen in the news. The proliferation of Mirai and other botnets has been aided by products that have failed to incorporate even minimum security controls. Yet, introducing security from the start of a project is difficult. Developers must overcome challenges in fielding secure products and systems.
This chapter discusses secure design approaches...