A Timesys Deep Dive Embedded Systems Newsletter
Cybersecurity in the News: Unpatched DNS Bug Affects Millions of Routers and IoT Devices
According to Bleeping Computer: “A vulnerability in the domain name system (DNS) component of a popular C standard library that is present in a wide range of IoT products may put millions of devices at DNS poisoning attack risk. A threat actor can use DNS poisoning or DNS spoofing to redirect the victim to a malicious website hosted at an IP address on a server controlled by the attacker instead of the legitimate location.”
Need more info on these vulnerabilities?
Want to stay ahead of threats? Lucky you: we launched the Timesys CVE Dashboard updated weekly with details on the dangerous security vulnerabilities that could be affecting your device.
In today’s heightened cyber threat environment, connected embedded systems for industrial controls, transportation, navigation, communications, aerospace, military applications, healthcare devices, logistics systems, and many others require uncompromising security at deployment and throughout their product lifecycles.
What’s the key to managing device security? Implement security early in its design.
With VigiShield Secure by Design, we can ensure your device is not running tampered software by verifying its authenticity before execution, protect IP and sensitive user information by encrypting data/software, help you determine how to update/deploy software securely and deny unauthorized software installs, and much more.
Avoid production delays by securing your software supply chain.
Avoid the rework and cost overruns that come with deploying security too late in design. Leverage detailed SBOMs and an end-to-end framework to ensure the integrity of your software supply chain.
For more information about what VigiShield Secure by Design can do, read our VigiShield Secure By Design for Yocto article in our blog library.
Introducing Vigiles Enterprise
Take advantage of our purpose-built vulnerability management tool, Vigiles
This best-in-class vulnerability monitoring and remediation tool combines a curated CVE database, continuous security feed based on your SBOM, powerful filtering, and easy triage tools so you don’t get blindsided by vulnerabilities.
Single sign-on (SSO)
Companies that use identity management systems can leverage SSO and have employees sign in to Vigiles using their corporate identity. This facilitates easy provisioning of Vigiles to users. Vigiles Enterprise (Beta) currently supports Azure AD as the Identity Provider (IdP) for SAML SSO.
The Groups feature makes it easier for you to collaborate within teams (internal and external) while allowing you to restrict access on an as-needed basis. The group structure is as follows:
- Organization: the highest level of grouping; for example, the entire company (and/or external clients you work with)
- Groups: the second highest level of grouping; for example, your division
- Sub-Group: the third level of grouping; for example, your project/product team
- Folders: Organize/manage SBOMs within folders; for example, a product release folder
Members of the organization can be added to multiple groups or subgroups based on the desired level of visibility and access.
Vigiles Enterprise provides four different types of members/users:
- Admin: can manage the Vigiles instance and organizations, and add/remove members of an organization (+ all maintainer permissions)
- Maintainer: can create/manage groups and add/remove members of groups (+ all developer permissions)
- Developer: can upload/manage SBOMs, CVE reports, and integrations (+ all guest permissions)
- Guest: access to SBOMs and CVE reports
Learn with Timesys
Read up on embedded security with our two latest blogs
DM-Verity Without an Initramfs
Learn how you can implement file system verification on your embedded system without the use of an initramfs. This can significantly save boot time and storage requirements in many situations.
Securing U-Boot: A Guide to Mitigating Common Attack Vectors
Conferences Around the World You Don’t Want to Miss
NXP Tech Day Minneapolis
Global Training Program
June 2, Minneapolis, MN
Join us for an insightful presentation: 5 Things You Need to Know About Cybersecurity for Industrial Control Systems & Medical Devices: Mitigate Risk with Proactive Security Processes.
Embedded Technology Convention USA 2022
Embedded Technologies & Systems Showcase
June 8-9, Las Vegas, NV
Join us at the Embedded Tech Convention with 5000 of our closest friends! Discover the latest technological innovations and trends, expand your industry knowledge and extend your global professional network.
Embedded World 2022
Exhibition & Conference
June 21-23, Nuremberg
Will you be at Embedded World this year? We’re excited to showcase our latest security solutions as a featured partner with our friends at STMicroelectronics.
Conference (ELC) 2022
Even More Board Farm Goodness
June 21-24, Austin, Texas + Virtual
Join us for an update on work to create a standard API between automated tests and board farm hardware and software! Part of Open Source Summit, ELC is for companies and developers using Linux in embedded products. It gathers the technical experts working on embedded systems and applications for education and collaboration, paving the way for transformation in these important and far reaching areas.
Security Vulnerability Management 101: Tools & Techniques to Monitor and Remediate Vulnerabilities in Your SBOM
In this monthly live webinar and Q&A session, you’ll learn:
– Why you need to manage your open-source software risks
– How to generate an accurate SBOM (Software Bill of Materials) and why it matters
– Tools and techniques to monitor and remediate vulnerabilities in your SBOM
– And much more!