LinuxLink Login   |   1.866.392.4897 |   sales@timesys.com
Managing vulnerabilities: Understanding patch notifications and fixing CVEs

Managing vulnerabilities: Understanding patch notifications and fixing CVEs

After Notification: The Next Steps

In a previous blog, we covered how Timesys handles security monitoring and notification of open source software vulnerabilities, how to generate reports on demand for the current state of a Yocto or Factory build on the desktop, and how to view, generate, and subscribe for reports on the web. If you missed it, now would be a good time to catch up before reading this post, because the next steps cover what to do with the information contained in those reports. Specifically, you may have the following questions:

  • What should I fix?
  • Where do I find the fixes?
  • How do I apply fixes to my build?

We’ll start by explaining the meaning of the subcategories of “Unfixed” CVEs and the “Vector” column in the reports, and then break down each of the above questions. Along the way, you’ll see how the solutions offered by Timesys can save you countless hours spent searching for patches, applying them to your build, and dealing with conflicts that arise when upgrading.

Continue reading “Managing vulnerabilities: Understanding patch notifications and fixing CVEs” »

Webinar Series: Reduce Risk with RISC – Designing and Maintaining Secure Embedded Linux Devices with Advantech RISC Platforms

Webinar Series: Reduce Risk with RISC – Designing and Maintaining Secure Embedded Linux Devices with Advantech RISC Platforms

The security of your device systems and software is critical for your customers. Heightened cyber-attacks, stringent privacy requirements, and increased breach risks all demand that security is baked into your product design, not slapped on as an afterthought.

Continue reading “Webinar Series: Reduce Risk with RISC – Designing and Maintaining Secure Embedded Linux Devices with Advantech RISC Platforms” »