September 02, 2025
Blog
Image Credit: TrustInSoft
For the inaugural “The State of Software Assurance” report, TrustInSoft teamed up with partners Ferrous Systems and Hitex to deliver a survey for engineers and technical leads in automotive, aerospace, embedded systems, and industrial IoT.
The report details the state of software testing and evaluates trends coming over the next year. Some of the key findings include:
Memory safety is no longer optional—engineering teams are making it a foundational design requirement across critical systems. 62% of respondents agree that memory safety will be a baseline requirement for mission-critical software development.
Traditional testing tools are falling short, pushing teams to explore formal methods that offer mathematical assurance instead of approximation.
Mixed-language codebases and rising compliance demands are accelerating the need for testing strategies that go deeper and deliver provable results.
Testing used to be a final checklist item—a post-development activity. But for mission-critical software, that approach is no longer viable. Teams are moving beyond simply asking if their code works; they need mathematical certainty that it can’t fail. This new report reveals that relying on test coverage alone is a losing game, as it often misses entire classes of critical bugs. The new imperative is clear, you can’t just test your software, you must prove its integrity.
False alarms from static analyzers and missed bugs in runtime testing still frustrate developers. What teams want now is certainty. The kind that comes from tools with exhaustive coverage, path sensitivity, and formal guarantees—not just spot checks and hopeful heuristics.
The rise of new languages like Rust, with certain memory safety measures built in and legacy C/C++ code in embedded systems, brings a new element to the challenges of embedded code verification.
Especially when those systems are a blend of legacy C, newer C++, and an increasing amount of Rust—complete with unsafe blocks and tricky FFI boundaries.
The report captures developer concern around these mixed-language projects, where existing test pipelines often fall short.
Software development and verification teams that are holding themselves to the highest standards and coverage levels are identifying gaps in their legacy tools and methods.
Formal methods are becoming less of a research topic and more often seen as the answer to the gaps in traditional tools. Techniques like exhaustive static analysis and mathematical verification aren’t just for academia anymore. As regulatory pressure increases and system complexity soars, more teams are evaluating formal methods not just to meet standards, but to own them.
Safety critical industries have been leading the way in the adoption of testing methods beyond the status quo. Standards like ISO 26262 and DO-178c in the automotive and aerospace industries, amongst other standards and certifications are recommending rigorous testing methods like formal verification.
The report shows that engineers themselves are behind the push for better tooling—not just compliance teams.
In this case, better does not necessarily equal faster or less expensive. This is a call for deeper and more powerful tooling. Tools that can reason about entire systems, not just scan individual files. Tools that reduce testing time and raise confidence. Tools that don’t just say “something might be wrong” but can prove when it isn’t.
Formal methods aren’t being adopted everywhere, all at once, but they’re gaining traction in the places that matter most including safety modules, memory-sensitive code, and systems where uptime is everything.
This isn’t a rejection of old practices. It’s a rebalancing. Manual testing, integration suites, unit tests—they all still have a place. But increasingly, they’re seen as the base layer, not the whole stack.
Discover actionable insights and recommendations, along with visual data representations of the survey data, by reading the rest of the report.
Download the full report here.
Caroline Guillaume is the CEO of TrustInSoft. She has an extensive background working in the critical software industry, notably at Thales Digital Identity and Security where for 14 years she contributed to the Sales division including as the VP of Sales – Software Monetization Europe and VP of Banking and Telecom Solutions Sales out of Singapore. She also previously worked as director of Product Marketing at Gemplus. Caroline holds an engineering degree from Télécom SudParis.