A Timesys Deep Dive Embedded Systems Newsletter

January 2022

Cybersecurity in the News: Organizations Face a ‘Losing Battle’ Against Vulnerabilities

Companies must take more ‘innovative and proactive’ approaches to security in 2022 to combat threats that emerged last year, researchers say

From the Colonial Pipeline attack and the explosion of ransomware to the supply chain emerging as a “primary attack surface,” 2021 was a banner year for cybersecurity attacks.

And according to an annual security report from Bugcrowd, the attacks have become even more sophisticated: some groups track critical vulnerabilities that haven’t yet been detected by organizations, finding the gaps where they can strike and exploit the CVEs.

These trends have made one thing very clear: a proactive security approach is an absolute necessity for 2022. Read the full article here.

Ready to get proactive in the vulnerability battle? Try out our Vigiles vulnerability monitoring and remediation tool – free for 30 days.

What’s New at Timesys

SBOM Management Just Got Easier with the Latest Vigiles Release

Vigiles, our best-in-class CVE monitoring and remediation tool, is the only Software Composition Analysis tool that’s optimized for embedded. And with the latest release of Vigiles (December 2021), we’ve added two key features:

1. Export your Software Bill of Materials

(SBOM) in SPDX format

SPDX format is an international open standard for SBOMs that communicates information including components, licenses, copyrights, and security references. This feature is helpful for tracking packages, reporting, audits, and streamlining and improving compliance.

Get early access to the results from our industry-wide survey

2. Vigiles Supports OpenWrt

Vigiles supports all major Linux build system integrations including Yocto, Buildroot, Timesys Factory, PetaLinux, Wind River Linux, PTXdist, and now, OpenWrt.

With this latest feature, you can track CVEs filed against OpenWrt.

Get early access to the results from our industry-wide survey
Our Gift To You: A Nerdy Cybersecurity Video Game

Timesys CVE Invaders

Tired of chasing vulnerabilities all day? Have you ever dreamed of shooting them with a laser to make them go away? Now is your chance: try our new CVE mitigation game, CVE Invaders!

Use your old-school video game skills and the powerful Vigiles scan tool to defeat CVEs and bugs. Eliminate enough CVEs to meet the minimum security requirement, and move on to the next level. Just like in real life, the CVEs will keep coming, but as you sharpen your skills and use the right tools, you’ll get better and faster at defeating them. Ready to play?

Learn with Timesys

5 Lessons Learned From the Log4j Vulnerability…and How the Embedded Industry Can Be Better Prepared for the Next One

What can we learn from this historic attack? Read the full post for five key takeaways for embedded:

In Case You Missed It

Watch our latest presentations on-demand

Vigiles Demo Webcast with NXP: Supercharge your vulnerability management

Timesys-NXP webinar and demo

  • How to choose the right tool for embedded system security maintenance and achieving industry compliance
  • Vigiles demo & new features (Jira integration, license and policy alerts, manifest comparison, new APIs)


Using Yocto to Secure Your Device: From Development to Production

Timesys-NXP webinar and demo

  • How to leverage Yocto’s extensibility and flexibility to streamline development and keep products secure
  • Key security ideas and their implementation in Yocto for different stages of development


Sneak Preview: You’ve Got Questions – We’ve Got Answers

A monthly embedded cybersecurity webinar + live Q&A

Starting next month, we’ll be hosting a monthly webinar + live session with our technical specialists. The first part of the session will focus on a rotating series of cybersecurity and embedded topics, while the second part will be a live, open forum for questions. Ask all your burning questions and get answers from the technical experts you trust.

Keep an eye out for your invite!

What topics would you like to see us cover? Just reply to this email with your questions and ideas.

Can’t wait until next month?

Last Chance to Get Early Access to Survey Results

We Want Your Feedback

5 days left to participate in the 5-minute IoT Device Manufacturer Security Survey

We are conducting an industry-wide, global survey to better understand where IoT device manufacturers are on their cybersecurity journey, and we want to hear from you.

All participants will get early access to the results, and 5 participants will randomly be selected to receive a USD$50 Visa gift card.

Survey closes February 1, 2022.

Take the Survey

Subscribe to our newsletter so you don’t miss a thing.