A Timesys Deep Dive Embedded Systems Newsletter
WHAT’S INSIDE
- Cybersecurity news: Organizations face a ‘losing battle’ against vulnerabilities
- Goodbye wasting time on reports & audits; hello SPDX format for Vigiles
- Take a break with our new CVE mitigation game
- 5 lessons learned from the log4j vulnerability
- ICYMI: Using Yocto to secure your device; Vigiles demo webcast
- Sneak preview: monthly webinar + live session with technical specialists
- Last chance to get early access to cybersecurity survey results
Cybersecurity in the News: Organizations Face a ‘Losing Battle’ Against Vulnerabilities
Companies must take more ‘innovative and proactive’ approaches to security in 2022 to combat threats that emerged last year, researchers sayFrom the Colonial Pipeline attack and the explosion of ransomware to the supply chain emerging as a “primary attack surface,” 2021 was a banner year for cybersecurity attacks.
And according to an annual security report from Bugcrowd, the attacks have become even more sophisticated: some groups track critical vulnerabilities that haven’t yet been detected by organizations, finding the gaps where they can strike and exploit the CVEs.
These trends have made one thing very clear: a proactive security approach is an absolute necessity for 2022. Read the full article here.
Ready to get proactive in the vulnerability battle? Try out our Vigiles vulnerability monitoring and remediation tool – free for 30 days.
What’s New at Timesys
SBOM Management Just Got Easier with the Latest Vigiles Release
Vigiles, our best-in-class CVE monitoring and remediation tool, is the only Software Composition Analysis tool that’s optimized for embedded. And with the latest release of Vigiles (December 2021), we’ve added two key features:
1. Export your Software Bill of Materials
(SBOM) in SPDX format
SPDX format is an international open standard for SBOMs that communicates information including components, licenses, copyrights, and security references. This feature is helpful for tracking packages, reporting, audits, and streamlining and improving compliance.
2. Vigiles Supports OpenWrt
Vigiles supports all major Linux build system integrations including Yocto, Buildroot, Timesys Factory, PetaLinux, Wind River Linux, PTXdist, and now, OpenWrt.
With this latest feature, you can track CVEs filed against OpenWrt.
OR
Timesys CVE Invaders
Tired of chasing vulnerabilities all day? Have you ever dreamed of shooting them with a laser to make them go away? Now is your chance: try our new CVE mitigation game, CVE Invaders!
Use your old-school video game skills and the powerful Vigiles scan tool to defeat CVEs and bugs. Eliminate enough CVEs to meet the minimum security requirement, and move on to the next level. Just like in real life, the CVEs will keep coming, but as you sharpen your skills and use the right tools, you’ll get better and faster at defeating them. Ready to play?
Learn with Timesys
5 Lessons Learned From the Log4j Vulnerability…and How the Embedded Industry Can Be Better Prepared for the Next One
What can we learn from this historic attack? Read the full post for five key takeaways for embedded:
In Case You Missed It
Watch our latest presentations on-demand
Vigiles Demo Webcast with NXP: Supercharge your vulnerability management
Timesys-NXP webinar and demo
- How to choose the right tool for embedded system security maintenance and achieving industry compliance
- Vigiles demo & new features (Jira integration, license and policy alerts, manifest comparison, new APIs)
Using Yocto to Secure Your Device: From Development to Production
Timesys-NXP webinar and demo
- How to leverage Yocto’s extensibility and flexibility to streamline development and keep products secure
- Key security ideas and their implementation in Yocto for different stages of development
Sneak Preview: You’ve Got Questions – We’ve Got Answers
A monthly embedded cybersecurity webinar + live Q&A
Starting next month, we’ll be hosting a monthly webinar + live session with our technical specialists. The first part of the session will focus on a rotating series of cybersecurity and embedded topics, while the second part will be a live, open forum for questions. Ask all your burning questions and get answers from the technical experts you trust.
Keep an eye out for your invite!
What topics would you like to see us cover? Just reply to this email with your questions and ideas.
Can’t wait until next month?
Last Chance to Get Early Access to Survey Results
We Want Your Feedback5 days left to participate in the 5-minute IoT Device Manufacturer Security Survey
We are conducting an industry-wide, global survey to better understand where IoT device manufacturers are on their cybersecurity journey, and we want to hear from you.
All participants will get early access to the results, and 5 participants will randomly be selected to receive a USD$50 Visa gift card.
Survey closes February 1, 2022.
