A Timesys Deep Dive Embedded Systems Newsletter

September 2021

Cybersecurity in the News

A Bad Security Flaw, and A Worse Security Bulletin — Travis CI Flaw Exposed Secrets of Thousands of Open Source Projects

According to reporting by Ax Sharma at Ars Technica, “A security flaw in Travis CI potentially exposed the secrets of thousands of open source projects that rely on the hosted continuous integration service. Travis CI is a software-testing solution used by over 900,000 open source projects and 600,000 users. A vulnerability in the tool made it possible for secure environment variables — signing keys, access credentials, and API tokens of all public open source projects — to be exfiltrated.”

While the flaw was patched relatively quickly, the developer community was infuriated by the way Travis CI handled the situation. The Travis team silently patched the issue after 3 days of pressure, without so much as a security report or warning to their users. Making matters worse, they then issued a two-sentence security bulletin with no mention of culpability, recommending that all users cycle their secrets on a regular basis.

Need a streamlined process to track, patch, and document vulnerabilities?

Start your Free 30 Day Trial of Vigiles Prime

New (Free!) ebook

Cybersecurity Primer for IoT/Embedded Systems

Get early access to the results from our industry-wide survey

Developing a forward-looking strategy to keep an IoT device secure throughout its lifecycle has become a challenging task, but one that is absolutely imperative.

Luckily, we’re here to help shed some light on the process.

Request your copy of Timesys’ new e-book, Cybersecurity Primer for IoT/Embedded Devices, which provides an overview of the IoT device security lifecycle and highlights all the considerations in securing and maintaining IoT devices.

What’s New at Timesys

Preview of Embedded Board Farm features coming in October: New APIs, easy test framework integration

  • Using REST APIs, run any test automation on EBF
    • Allows integration with test frameworks (including Robot Framework), CI systems, build systems, test case management software
  • New APIs and CLI support
    • Measure power consumed by board
    • On-demand video recording and image capture
  • Support for NXP UUU flash tools
    • EBF integrates new flashing tools for remotely updating your i.MX boards
  • Easier software installation and upgrade process
    • Deploy the entire EBF infrastructure and manage it from a central location with a new installer for EBF server zombies and app zombies, plus remote upgrades of all components

Upcoming Events

Timesys-NXP Webinar

Secure the Edge: Secure Software Updates — Designing OTA Updates For Secure Embedded Linux Systems

October 6, 2021 • 3:00 PM – 4:00 PM EDT / Noon – 1:00 PM PDT

Building a secure embedded Linux-based device is a good start. But maintaining a strong security posture throughout your device’s production deployment and long-term maintenance is just as critical. As the number of software vulnerabilities has exploded, customers are increasingly at risk of a data breach if embedded system software is not updated with the latest available security fixes. At the same time, the update process itself must be secure so that it does not become an attack vector.

Join NXP and Timesys for this upcoming webinar and learn how you can design and maintain secure OTA updates for embedded Linux-based systems.

NXP Vigiles Demo Webcast: Supercharge your vulnerability management

December 9, 2021 • 11:00am – 12:00pm EDT / 8:00am – 9:00am PDT

Join NXP and Timesys for a demo webcast that explores industry best practices to create a process for maintaining effective embedded system security using the NXP Vigiles vulnerability monitoring and management tool. We’ll discuss:

  • How to choose the right tool for embedded system security maintenance and achieving industry compliance
  • Demo of the NXP Vigiles tool and latest features with a look at how it plugs into the software development workflow (Jira integration, license and policy alerts, manifest comparison, new APIs and more)
  • Preview of upcoming Vigiles Prime features

Join Our Vigiles User Trial

We Want Your Feedback

Do you need to get a handle on CVEs affecting your products?

We’re running a user trial to better understand how companies are currently managing product security. Fill out our form to see if you qualify.

$50 gift card or donation available for eligible participants.
