Timesys Launches Vigiles SBOM Manager to Address Compliance Challenges in Embedded Software Products

Pittsburgh, PA – August 14, 2023 – Timesys LLC, an industry pioneer and a leading provider of embedded, open-source software security solutions, is proud to announce significant updates to Vigiles, their flagship product designed to simplify and expedite the vulnerability management process and address the increasing requirements for Software Bill of Materials (SBOMs) in embedded products, particularly within regulated spaces such as medical devices and automotive. The new features introduced in Vigiles directly address the pain points faced by companies working with the federal government and complying with regulations, such as NTIA SBOM minimum compliance, enabling them to navigate the evolving landscape of cybersecurity mandates seamlessly.

As part of the new feature launch, Timesys has added a new tier of Vigiles called “Vigiles SBOM Manager” that enables companies and users to track and monitor multiple SBOMs across industry-standard formats, such as CycloneDX and SPDX, and to compare SBOM changes between builds and releases. It also provides a workspace for team members to collaborate on generating and maintaining SBOMs.

Supporting Medical Device Manufacturers Amid Regulatory Changes

This Vigiles update comes at a critical time, as regulatory bodies around the world are enacting measures to enhance the cybersecurity of medical devices. The recent FDA Omnibus Act and the addition of “Cybersecurity in Medical Devices: Refuse to Accept Policy for Cyber Devices and Related Systems Under Section 524B of the FD&C Act” underscore the importance of SBOMs for the healthcare industry. Previously, the White House Executive Order 14028 set a new precedent for SBOM regulations and compliance requirements. In addition, the proposed European Cyber Resilience Act (Article 37) explicitly emphasizes the need for manufacturers to document components through SBOMs. In this rapidly evolving landscape, Timesys is committed to empowering their customers with the tools they need to stay ahead of compliance requirements without compromising product development timelines.

“With the increasing demand for accurate and reliable SBOMs, especially in regulated spaces, we are proud to introduce the enhanced SBOM capabilities in Vigiles. These features will streamline compliance processes, simplify SBOM management, and ensure our customers meet the requirements set by governing bodies,” said Atul Bansal, Timesys CEO. “Our mission at Timesys is to provide comprehensive and effective solutions such as these that address the evolving needs of our customers.”

 

Key Enhancements to Vigiles SBOM Experience include:

NTIA-Compliant SBOM Generation for Yocto-Based Systems

Vigiles also offers NTIA-compliant SBOM generation specifically designed for Yocto-based systems. This gives embedded product developers a seamless integration of SBOM generation into their continuous integration and continuous delivery/continuous deployment (CI/CD) pipeline, enabling continuous monitoring of component changes and newly discovered vulnerabilities throughout the software development lifecycle.

NTIA Minimum Element Conformance Check

With Vigiles, companies can also now verify if their SPDX and CycloneDX SBOMs meet the NTIA minimum element conformance standards, guaranteeing adherence to the latest cybersecurity guidelines.

Real-time Compliance Alert Notifications

To aid in license compliance, Vigiles introduces compliance alert notifications. These alerts promptly notify users of any license violations, additions of new components, or the presence of CVEs with specified scores, such as high and critical severity. This proactive approach ensures companies stay ahead of compliance requirements and address potential issues promptly.

Seamless Import and Export of SBOMs

With the inclusion of SPDX and CycloneDX support, Vigiles now enables the seamless import and export of SBOMs in industry-standard formats. Companies can effortlessly integrate existing SPDX or CycloneDX formatted SBOMs into Vigiles, allowing for compatibility and streamlined workflows. Additionally, Vigiles can act as an SBOM format converter, facilitating efficient SBOM exchange between different stakeholders.

Advanced Search Capabilities

Vigiles also now offers advanced search functionalities, enabling companies to quickly search for specific components across multiple SBOMs. This feature simplifies component tracking and management, enhancing the overall efficiency of vulnerability management processes. Companies can also search for CVEs associated with a given component, providing vital insights for risk assessment and mitigation.

Assisting Customers to Seamlessly Navigate the Evolving Cybersecurity Landscape

“As a leading provider of system-on-modules, Laird Connectivity partnered with Timesys to bring Vigiles Prime to our medical device customers. Vigiles’ detailed SBOM analysis, CVE notifications, and innovative vulnerability triage features have enabled our customers to stay on top of SBOM regulatory compliance and offer best-in-class security in their products,” said Dan Kephart, Senior Product Manager, Laird Connectivity. “Vigiles Prime is a core element in our Software Vulnerability Monitoring and Remediation option in our Summit Suite security solutions portfolio and provides the necessary SBOM features required to address the latest FDA and EU MDR security requirements.”

With the introduction of Vigiles SBOM Manager, Timesys reaffirms their commitment to supporting businesses operating in medical, critical infrastructure, industrial, and automotive industries. As SBOM mandates continue to shape the cybersecurity landscape, Timesys empowers its customers to navigate these requirements with confidence through Vigiles SBOM Manager, safeguarding their products and maintaining the highest levels of compliance.

“Our vulnerability management solutions are tailored for OEMs and SOM module vendors developing embedded Linux products and our comprehensive suite of services ensures that our customers’ products stay secure throughout their lifecycle, protecting their brand reputation and their customers’ trust in them,” said Bansal.

To learn more about Vigiles and its enhanced SBOM capabilities, visit https://www.timesys.com/solutions/vigiles-vulnerability-management/ or watch our release video.

About Timesys

Timesys is a pioneer and industry leader in open-source software security, development tools, and engineering services and consulting, spanning the embedded software market. With Timesys’ expertise, OEMs, ODMs, and design houses cut development costs and accelerate time-to-market for devices and IoT systems and applications using embedded Linux, Android, FreeRTOS, Zephyr, and other open-source solutions.

With more than 20 years of embedded development experience, Timesys’ broad portfolio, embedded expertise, and extensive partner ecosystem are used by 1000+ customers to develop leading products and applications including medical, automotive, industrial, networking, aerospace, and Internet of Things (IoT) solutions.

Timesys Press Contact
Jenn Coloma
jenn.coloma@timesys.com 


Timesys, the Timesys logo, and Vigiles are trademarks or registered trademarks of Timesys LLC. All other company and product names mentioned are trademarks and/or registered trademarks of their respective owners.

Timesys Press Contact

Jenn Coloma
Tel: +1.412.325.6362
