The source code must be obfuscated in production environments.
BSIMM9 SE3.2: 13. Use code protection. To protect intellectual property and make exploit development harder, the organization erects barriers to reverse engineering its software
CAPEC-188: Reverse Engineering. An adversary discovers the structure, function, and composition of an object, resource, or system by using a variety of analysis techniques to effectively determine how the analyzed entity was constructed or operates.
CWE-1269: Product Released in Non-Release Configuration. The product released to market is released in pre-production or manufacturing configuration.
OWASP-ASVS v4.0.1 Appendix C: Internet of Things Verification Requirements.(C.18) Verify security controls are in place to hinder firmware reverse engineering (e.g., removal of verbose debugging symbols).
OWASP-ASVS v4.0.1 Appendix C: Internet of Things Verification Requirements.(C.34) Verify that micro controllers are configured with code protection (if applicable).