Security and Monitoring Vulnerabilities
No code is threat-proof. Whether you choose a commercial or an open source embedded OS, the challenges in securing your device include:
- Finding vulnerabilities that are specific to your device,
- Fixing them in time,
- Integrating the fixes without disrupting your current development and
- Deploying the security-fixed image in the field in a secure way.
Eighty percent of all external attacks take advantage of known vulnerabilities in unpatched software and misconfigured systems.*
*The National Institute of Standards and Technology (NIST) National Vulnerability Database / https://nvd.nist.gov
What will it take to secure your device and maintain its security?
It takes time and effort to maintain an embedded Linux distribution with patches and security vulnerability protection for your OS and application code. With the increasing rate of information-security vulnerabilities and the unpredictability of discoveries, the manual process of securing your device is not feasible. Therefore, you need a process that:
- Continuously monitors vulnerability discoveries,
- Assesses them against the software components used in your build to verify applicability,
- Notifies the team of the vulnerabilities and
- Applies and tests the fixes, and deploys the updated software in an efficient way.
It is easier to secure open source because the open source community and many organizations / companies with a vested interest in maintaining the high quality of open source software are constantly monitoring for vulnerabilities and assessing the associated risks. As a result, vulnerabilities are often identified and fixed before they are exploited.
Why Choose Timesys?
Continuous Monitoring of CVE
LinuxLink uses a Common Vulnerabilities and Exposures (CVE) manager, developed by Timesys engineering, to continuously monitor vulnerability databases and security mailing lists. The Timesys security engineering team:
- Assesses the CVE manager report daily,
- Investigates to verify CVE applicability to versions of packages and libraries in the LinuxLink repository and
- Performs the necessary patch integration and testing.
In addition, Timesys’ security engineering team continuously monitors community mailing lists and other official sources where security issues are discussed, so that it is aware of any issues — even before an official CVE is published.
Update Notification and Patching
Timesys LinuxLink customers can use the custom notification service to be informed of any discovered vulnerabilities that are specific to their device, eliminating the time spent monitoring CVEs themselves.
The LinuxLink Update service provides developers with an easy and efficient way to integrate patches into their device software, eliminating the time spent on addressing CVEs that are not applicable.
Have a project you’d like to discuss?
We’d be happy to discuss your project and answer any questions you have. For more information about our security solution or any of our offerings, fill out our online form, contact us at firstname.lastname@example.org or call us at 1.866.392.4897 (toll-free) or +1.412.232.3250.