A Timesys Deep Dive Embedded Systems Newsletter

May 2021

Cybersecurity in the News

Linux and Open-Source Communities Rise to Biden’s Cybersecurity Challenge

President Biden issued an Executive Order to bolster cybersecurity in the federal government and beyond. Open-source software is specifically named in the EO. Will you be ready to comply with the new guidelines?

Timesys can help get you there. Get best-in-class vulnerability monitoring & management with Vigiles.

Case Study

Infection control company collaborates with Timesys to bring medical product to market with 70% cost savings

Get early access to the results from our industry-wide survey
Black Duck & Vigiles work in tandem

Vigiles + Black Duck = improved efficiency and productivity for OS & app security

How much time could you save with 85% fewer CVEs to analyze? Learn how Black Duck & Vigiles work in tandem to drastically reduce your workload while optimizing your security solution with function-specific tools.

Vigiles Prime new feature: Automatic alerts for non-authorized license type and for CVEs exceeding CVSS score threshold

Timesys has added CVSS and Licensing alerts to Vigiles, assisting you with policy management.

Vigiles CVSS Alerts help ensure that developers do not introduce packages with high/critical CVEs into your product software.

Vigiles License Alerts let you identify and flag violations of company license policy, such as a package with an unapproved license being installed on the target device, helping your team stay in compliance with policy enforcement.

You can choose to receive notification of CVSS and License alerts via email or to have an issue created in Jira.

Vigiles CVSS alerts and Licensing alerts help you with policy management

Find more information about the new features in the Vigiles Changelog.

Only available with Vigiles Prime.

Latest TimeStorm IDE Releases Further Enable Efficient Development of Secure IoT and Yocto-based embedded Linux applications

Timesys recently released TimeStorm 5.5.0 — a new release based on Eclipse Project 2020-09. In addition to updating to the Eclipse Project 2020-09 baseline, this release includes the following:

  • Added Java 11 support
  • Added LTTng UST for running UST (User Space Tracer) on remote targets
  • Added support for remote debugging of C/C++ and Python for Debian OS running on hardware target
  • Fixed Linked Resources issue for C/C++ Projects
  • Fixed an issue where miscellaneous compiler settings were swapped between C and C++

We’ve also released version 5.4.1 with the above features, a maintenance release based on Eclipse Project 5.4.0.

Existing TimeStorm users can access these latest releases and documentation from within the LinuxLink portal.

Vigiles Alert: Linux CVEs you need to know about

CVE-2020-32399 — Linux kernel vulnerability
Problem Type: Race Condition
CVSSv3 Score: 7.0 (High)
Description: net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.

CVE-2020-32020 — FreeRTOS kernel
Problem Type: Buffer Overflow
CVSSv3 Score: 9.8 (Critical)
Description: The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insufficient bounds checking during management of heap memory.

Run a Vigiles scan to see if your system is exposed. Don’t have a Vigiles account? Register now to try it free.

CVE-2019-27097
Problem Type: Insufficient Information
CVSSv3 Score: 7.8 (High)
Description: The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT.
