A Timesys Deep Dive Embedded Systems Newsletter

August 2021

WHAT’S INSIDE

Cybersecurity in the News

“It’s Time to Improve Linux Security” — Top Linux developer Kees Cook calls for everyone to push more for securing Linux

Kees Cook, a Linux security expert and Google Security Engineer, says that while Linux is more secure than Windows, that’s not enough — it also needs to be able to fail well.

In a recent blog post, Cook wrote, “The Linux kernel runs well: when driving down the highway, you’re not sprayed in the face with oil and gasoline, and you quickly get where you want to go. However, in the face of failure, the car may end up on fire, flying off a cliff.” He suggests: “more focus on upstream code review will help stem the tide of their introduction in the first place, with benefits extending beyond just the immediate bugs caught.” Read more here: https://www.zdnet.com/google-amp/article/a-call-to-improve-linuxs-security/.

But Timesys CTO Akshay Bhat says that’s not the whole story.

Read our CTO’s response
What’s New at Timesys

Latest Vigiles features: New APIs, plus easily see filtered and fixed CVEs

With the latest Vigiles release, we’ve made major improvements to your vulnerability monitoring and management experience:

Get early access to the results from our industry-wide survey
    • Use new API routes to create a custom dashboard for data visualization and cybersecurity summaries, and integrate Vigiles with your SDLC tools
      • Compare CVE reports; get manifest info and upload/scan/delete manifests; get CVE report data in JSON format, and more
    • Automatically create summary report of the CVE fixes that went into each release
    • Easily see CVEs that have been filtered out of your report
    • Quickly jump to the fix you need for your specific version of the kernel with links to backported patch
    • Improved reporting of tracked packages with additional feeds/sources of CPE
    • View side-by-side manifest comparison with searchable manifest and CVE sections
Get early access to the results from our industry-wide survey

Check out these new features and more:

Upcoming Events

Two Embedded Linux Conference talks you don’t want to miss

This year’s Open Source Summit & Embedded Linux Conference will be held in person in Seattle and virtually from September 27-30. Don’t miss these two talks presented by Timesys engineering experts.

Using OP-TEE as
A Cryptography Engine

 

Greg Malysa Principal Engineer, Timesys

Greg Malysa, Principal Engineer, Timesys

This Embedded Linux Conference talk will provide an overview of how to integrate platform-specific hardware, such as cryptographic accelerators and hardware random number generators. Then we will discuss building a platform-agnostic key storage system with OP-TEE as a Trusted Application.

Presenter: Gregory Malysa, Timesys
September 27, 2021 • 5:30pm – 6:20pm EDT / 2:30pm – 3:20pm PDT

Board Farm APIs for Automated Testing of Embedded Linux – an update

 

Harish Bansal Test Automation (TA) Technical Lead Engineer, Timesys

Harish Bansal, Test Automation (TA) Technical Lead Engineer, Timesys

This Embedded Linux Conference talk presents an update on work to create a standard API between automated tests and board farm hardware and software.

Presenters: Tim Bird, Sony Electronics & Harish Bansal, Timesys

September 28, 2021 • 12:00pm – 12:50pm EDT / 9:00am – 9:50am PDT

Upcoming NXP-Timesys Webinar

Security Standards are Evolving; Is Your Company?

Create Your Own Device Security Roadmap

Get early access to the results from our industry-wide survey
September 9, 2021 • 11:00am – 12:00pm EDT / 8:00am – 9:00am PDT

Join NXP and Timesys for a webinar that explores standards for device security and how you can approach industry regulations and compliance to create your own security roadmap. We’ll discuss:

  • New and evolving cybersecurity standards across industries
  • What you need and where to start: hardware and software essentials
  • How to meet security standards, e.g. software integrity & authenticity, data confidentiality, detecting and containing cybersecurity events, vulnerability monitoring & management, software updates with security fixes
  • Creating your product device security framework with support from NXP and Timesys

Have you tried out Timesys’ Vigiles vulnerability monitoring and management tool?

We Want Your Feedback
 

Leave us a review on Gartner Peer Insights!

 

Leave us a review on Gartner Peer Insights
  1. Use this link to create a new account or sign in with your existing Gartner Peer Insights account.
  2. Once you sign in, you’ll automatically be taken to the Vigiles page where you can leave your review.
  3. Once completed, click “Submit for Approval.”

Gartner offers a $25 Visa gift card for your honest review!

Learn More

Vigiles supports FreeRTOS, Zephyr & Mbed – use our manifest creator tool to create reports and monitor vulnerabilities
 
July 2021
Timesys Embedded Board Farm (EBF) launched; enables remote access to hardware for software dev, test automation, and debugging
 
June 2021
Vigiles Prime now features automatic alerts for non-authorized license type and for CVEs exceeding CVSS score threshold
 
May 2021

Subscribe to our newsletter so you don’t miss a thing.