A Timesys Deep Dive Embedded Systems Newsletter

September 2021

Cybersecurity in the News

A Bad Security Flaw, and A Worse Security Bulletin — Travis CI Flaw Exposed Secrets of Thousands of Open Source Projects

According to reporting by Ax Sharma at Ars Technica, “A security flaw in Travis CI potentially exposed the secrets of thousands of open source projects that rely on the hosted continuous integration service. Travis CI is a software-testing solution used by over 900,000 open source projects and 600,000 users. A vulnerability in the tool made it possible for secure environment variables — signing keys, access credentials, and API tokens of all public open source projects — to be exfiltrated.”

While the flaw was patched relatively quickly, the developer community was infuriated by the way Travis CI handled the situation. The Travis team silently patched the issue after 3 days of pressure, without so much as a security report or warning to their users. Making matters worse, they then issued a two-sentence security bulletin with no mention of culpability, recommending that all users cycle their secrets on a regular basis.

Need a streamlined process to track, patch, and document vulnerabilities?

Start your Free 30 Day Trial of Vigiles Prime

New (Free!) ebook

Cybersecurity Primer for IoT/Embedded Systems

Get early access to the results from our industry-wide survey

Developing a forward-looking strategy to keep an IoT device secure throughout its lifecycle has become a challenging task, but one that is absolutely imperative.

Luckily, we’re here to help shed some light on the process.

Request your copy of Timesys’ new e-book, Cybersecurity Primer for IoT/Embedded Devices, which provides an overview of the IoT device security lifecycle and highlights all the considerations in securing and maintaining IoT devices.

What’s New at Timesys

Preview of Embedded Board Farm features coming in October: New APIs, easy test framework integration

  • Using REST APIs, run any test automation on EBF
    • Allows integration with test frameworks (including Robot Framework), CI systems, build systems, test case management software
  • New APIs and CLI support
    • Measure power consumed by board
    • On-demand video recording and image capture
  • Support for NXP UUU flash tools
    • EBF integrates new flashing tools for remotely updating your i.MX boards
  • Easier software installation and upgrade process
    • Deploy the entire EBF infrastructure and manage it from a central location with a new installer for EBF server zombies and app zombies, plus remote upgrades of all components
Get early access to the results from our industry-wide survey

Upcoming Events

Timesys-NXP Webinar

Secure the Edge: Secure Software Updates — Designing OTA Updates For Secure Embedded Linux Systems


October 6, 2021 • 3:00 PM – 4:00 PM EDT / Noon – 1:00 PM PDT

Building a secure embedded Linux-based device is a good start. But maintaining a strong security posture throughout your device’s production deployment and long-term maintenance is just as critical. As the number of software vulnerabilities has exploded, customers are increasingly at risk of a data breach exploit if embedded system software is not updated to the latest available security fixes. At the same time, the update process must be secure to ensure it does not become an attack vector itself.

Join NXP and Timesys for this upcoming webinar and learn how you can design and maintain secure OTA updates for embedded Linux-based systems.

NXP Vigiles Demo Webcast:
Supercharge your vulnerability management


December 9, 2021 • 11:00am – 12:00pm EDT / 8:00am – 9:00am PDT

Join NXP and Timesys for a demo webcast that explores industry best practices to create a process for maintaining effective embedded system security using the NXP Vigiles vulnerability monitoring and management tool. We’ll discuss:

  • How to choose the right tool for embedded system security maintenance and achieving industry compliance
  • Demo of the NXP Vigiles tool and latest features with a look at how it plugs into the software development workflow (Jira integration, license and policy alerts, manifest comparison, new APIs and more)
  • Preview of upcoming Vigiles Prime features

Join Our Vigiles User Trial

We Want Your Feedback

Do you need to get a handle on CVEs affecting your products?

We’re running a user trial to better understand how companies are currently managing product security. Fill out our form to see if you qualify.

$50 gift card or donation available for eligible participants.

Subscribe to our newsletter so you don’t miss a thing.