A Timesys Deep Dive Embedded Systems Newsletter
WHAT’S INSIDE
- Cybersecurity in the news: BusyBox flaws affect millions of embedded devices
- Timesys has a brand new look
- Yocto Project Summit talk on December 2: Using Yocto to Secure Your Device — 3 stages for effective security
- Register now for December 9 webinar: Supercharge your vulnerability management
- Security survey: 10 questions. 5 minutes. Our undying gratitude
Cybersecurity in the News: Millions of devices at risk with 14 vulnerabilities found in BusyBox
These Denial of Service vulnerabilities may be present in 40% of embedded firmware imagesBy now, you’ve likely heard about the fourteen vulnerabilities found in the BusyBox userspace tool earlier this month, affecting millions of embedded devices running Linux-based firmware.
Firmware developers are advised to upgrade to the new version (BusyBox 1.34.0) where the vulnerabilities were fixed.
But it shouldn’t stop with this one upgrade. This CSO article gives a detailed look at the vulnerabilities found, and highlights the need for monitoring and remediation of security vulnerabilities as well as regular updates: “Enterprises should have patching policies in place that take into account their IoT and OT devices and should generally choose devices from vendors that commit to releasing regular and timely security updates for their products.”
While this is good advice, it requires a tremendous amount of work to search through hundreds of vulnerabilities reported weekly, decide which need to be addressed, and find and apply the patches.
Our vulnerability monitoring and remediation tool, Vigiles, utilizes a curated database to give you an early notification of CVEs like those found in the BusyBox userspace tool. And early notification gives you a jump start to take action on the most pressing security threats without having to comb through hundreds and hundreds of CVEs.
Ready to take control of your CVE monitoring and remediation? Try out Vigiles Prime free for 30 days.
What’s New at Timesys
Timesys has a Brand New Look
Same great solutions. New and improved website experience.
Check out the shiny new timesys.com.
Yocto Project Summit
The Yocto Project Virtual Summit is a virtual technical conference for engineers, open source technologists, students and academia in the OSS space. Attendees can learn about Yocto Project’s new releases, tools, and features; get training on the next wave of embedded Linux technologies; and network with their peers and industry experts.
Kevin Chau
Senior Embedded Linux Engineer, Timesys
Using Yocto to Secure Your Device: From Development to Production
December 2, 2021 • 11:00 AM EDT / 8:10 AM PDT
With the recent increase in security scrutiny, how do we leverage Yocto’s extensibility and flexibility to streamline development and keep our products secure? This Yocto Project Virtual Summit talk will focus on key security ideas and their implementation in Yocto for different stages of development.
Timesys-NXP Webinar
Vigiles Demo Webcast with NXP: Supercharge your vulnerability management
December 9, 2021 • 11:00 AM EDT / 8:00 AM PDT
Join NXP and Timesys for a demo webcast that explores industry best practices to create a process for maintaining effective embedded system security using the Vigiles vulnerability monitoring and management tool. We’ll discuss:
- How to choose the right tool for embedded system security maintenance and achieving industry compliance
- Demo of the Vigiles tool and latest features with a look at how it plugs into the software development workflow (Jira integration, license and policy alerts, manifest comparison, new APIs and more)
- Using the Vigiles tool plus OS maintenance service for long term fixed branch support for vulnerabilities
IoT Device Manufacturer Security Survey
We Want Your FeedbackWe are conducting an industry-wide, global survey to better understand where IoT device manufacturers are on their cybersecurity journey. The survey takes less than 5 minutes to complete, and individual answers will remain completely anonymous and strictly confidential. It is open to all individuals, regardless of location.
All participants will get early access to the results, and 5 participants will randomly be selected to receive a USD$50 Visa gift card. Survey closes February 1, 2022. Email leah.simoncelli@timesys.com with any questions.
Want to take it a step further and share it with your network? Share this tweet or this Linkedin post. In addition to the perks above, you’ll get our undying gratitude.