A classic security breach vector involves exploiting weak authentication. As security researchers like to point out, failing to change default passwords for administrative access remains the top security issue for all types of IT systems.
But a related — and perhaps more devious — attack vector involves exploiting a weakness in a process that is supposed to help ensure device security in the first place: the remote system update.
Continue reading “Security vulnerabilities and medical devices: when the software update itself is the problem” »
Embedded system products are often deployed by IT managers struggling with a longstanding tradeoff: Should you sacrifice IT performance to make IT more secure?
The performance-or-security tradeoff has been the subject of technology research and industry analysis for many years. The analysis often focuses on issues like network performance or business application performance and how security measures may impede or otherwise affect throughput or access. Continue reading “Embedded system security and the IT performance tradeoff” »
Researchers and the technology media are reporting that the average application now contains more open source software components than proprietary code. And the use of open source components in embedded systems such as Internet of Things (IoT) devices likewise is on the rise.
How is this trend affecting awareness of embedded system security and open source security best practices? If you bring embedded system products to market with open source components, how do these systems affect your customers’ security postures?
To evaluate these questions, it helps to explore how enterprises test and measure the security of IT systems.
Continue reading “Security testing of embedded open source systems creates a stronger enterprise security posture” »