A Timesys Deep Dive Embedded Systems Newsletter
May 2021
WHAT’S INSIDE
- Cybersecurity in the News: Pres. Biden’s new Executive Order
- Case study: Medical Device Manufacturer brings secure product to market with 70% cost savings
- Improve vulnerability management efficiency with Vigiles + Black Duck
- New Vigiles features: CVSS & policy alerts
- New TimeStorm IDE releases enable secure IoT and Yocto-based applications
- CVEs you need to know about
Secure By Design NXP Series Webinar On-Demand
Secure Software Updates: Designing OTA Updates for secure embedded Linux systems
Cybersecurity in the News
Linux and Open-Source Communities Rise to Biden’s Cybersecurity Challenge
President Biden issued an Executive Order to bolster cybersecurity in the federal government and beyond. Open-source software is specifically named in the EO. Will you be ready to comply with the new guidelines?
Timesys can help get you there. Get best-in-class vulnerability monitoring & management with Vigiles.
Infection control company collaborates with Timesys to bring medical product to market with 70% cost savings
Vigiles + Black Duck = improved efficiency and productivity for OS & app security
How much time could you save with 85% fewer CVEs to analyze? Learn how Black Duck & Vigiles work in tandem to drastically reduce your workload while optimizing your security solution with function-specific tools.
Vigiles Prime new feature: Automatic alerts for non-authorized license type and for CVEs exceeding CVSS score threshold
Timesys has added the ability to add CVSS and Licensing alerts to Vigiles, assisting you with policy management.
Vigiles CVSS Alerts help ensure that developers do not introduce packages with high/critical CVEs into your product software.
The Vigiles License Alerts let you identify and flag violations of company license policy, such as a package with an unapproved license being installed on the target device, helping your team stay in compliance through policy enforcement.
You can choose to receive notification of CVSS and License alerts via email or to have an issue created in Jira.
Find more information about the new features in the Vigiles Changelog.
Only available with Vigiles Prime.
Latest TimeStorm IDE Releases Further Enable Efficient Development of Secure IoT and Yocto-based embedded Linux applications
- Added Java 11 support
- Added LTTng UST for running UST (User Space Tracer) on remote targets
- Added support for remote debugging of C/C++ and Python for Debian OS running on a hardware target
- Fixed Linked Resources issue for C/C++ Projects
- Fixed an issue where miscellaneous compiler settings were swapped between C and C++
We’ve also released version 5.4.1 with the above features — a maintenance release based on Eclipse Project 5.4.0.
Existing TimeStorm users can access these latest releases and documentation from within the LinuxLink portal.
Vigiles Alert: Linux CVEs you need to know about
Sign up or sign in to view CVE information in Vigiles.
CVE-2020-32399 — Linux kernel vulnerability
Problem Type: Race Condition
CVSSv3 Score: 7.0 (High)
Description: net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.
CVE-2020-32020 — FreeRTOS kernel
Problem Type: Buffer Overflow
CVSSv3 Score: 9.8 (Critical)
Description: The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insufficient bounds checking during management of heap memory.
Run a Vigiles scan to see if your system is exposed. Don’t have a Vigiles account? Register now to try it free.
CVE-2019-27097
Problem Type: Insufficient Information
CVSSv3 Score: 7.8 (High)
Description: The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT.