A Timesys Deep Dive Embedded Systems Newsletter
September 2021
WHAT’S INSIDE
- Cybersecurity in the news: a bad security flaw and a worse security bulletin
- New (free!) ebook: Cybersecurity Primer for IoT/Embedded Devices
- Embedded Board Farm feature preview: New APIs, easy test framework integration
- Upcoming events: Secure OTA updates webinar, Vigiles demo webcast
- Try out new software and get rewarded
Cybersecurity in the News
A Bad Security Flaw, and A Worse Security Bulletin — Travis CI Flaw Exposed Secrets of Thousands of Open Source Projects
According to reporting by Ax Sharma at Ars Technica, “A security flaw in Travis CI potentially exposed the secrets of thousands of open source projects that rely on the hosted continuous integration service. Travis CI is a software-testing solution used by over 900,000 open source projects and 600,000 users. A vulnerability in the tool made it possible for secure environment variables — signing keys, access credentials, and API tokens of all public open source projects — to be exfiltrated.”
While the flaw was patched relatively quickly, the developer community was infuriated by the way Travis CI handled the situation. The Travis team silently patched the issue after 3 days of pressure, without so much as a security report or warning to their users. Making matters worse, they then issued a two-sentence security bulletin with no mention of culpability, recommending that all users cycle their secrets on a regular basis.
Need a streamlined process to track, patch, and document vulnerabilities?
New (Free!) ebook
Cybersecurity Primer for IoT/Embedded Systems
Developing a forward-looking strategy to keep an IoT device secure throughout its lifecycle has become a challenging task, but one that is absolutely imperative.
Luckily, we’re here to help shed some light on the process.
Request your copy of Timesys’ new e-book, Cybersecurity Primer for IoT/Embedded Devices, which provides an overview of the IoT device security lifecycle and highlights all the considerations in securing and maintaining IoT devices.
Preview of Embedded Board Farm features coming in October: New APIs, easy test framework integration
- Using REST APIs, run any test automation on EBF
- Allows integration with test frameworks (including Robot Framework), CI systems, build systems, test case management software
- New APIs and CLI support
- Measure power consumed by board
- On-demand video recording and image capture
- Support for NXP UUU flash tools
- EBF integrates new flashing tools for remotely updating your i.MX boards
- Easier software installation and upgrade process
- Deploy the entire EBF infrastructure and manage it from a central location with a new installer for EBF server zombies and app zombies, plus remote upgrades of all components
Upcoming Events
Timesys-NXP Webinar
Secure the Edge: Secure Software Updates — Designing OTA Updates For Secure Embedded Linux Systems
October 6, 2021 • 3:00 PM – 4:00 PM EDT / Noon – 1:00 PM PDT
Building a secure embedded Linux-based device is a good start. But maintaining a strong security posture throughout your device’s production deployment and long-term maintenance is just as critical. As the number of software vulnerabilities has exploded, customers are increasingly at risk of a data breach exploit if embedded system software is not updated to the latest available security fixes. At the same time, the update process must be secure to ensure it does not become an attack vector itself.
Join NXP and Timesys for this upcoming webinar and learn how you can design and maintain secure OTA updates for embedded Linux-based systems.
NXP Vigiles Demo Webcast:
Supercharge your vulnerability management
December 9, 2021 • 11:00am – 12:00pm EDT / 8:00am – 9:00am PDT
Join NXP and Timesys for a demo webcast that explores industry best practices to create a process for maintaining effective embedded system security using the NXP Vigiles vulnerability monitoring and management tool. We’ll discuss:
- How to choose the right tool for embedded system security maintenance and achieving industry compliance
- Demo of the NXP Vigiles tool and latest features with a look at how it plugs into the software development workflow (Jira integration, license and policy alerts, manifest comparison, new APIs and more)
- Preview of upcoming Vigiles Prime features
Join Our Vigiles User Trial
We Want Your Feedback
Do you need to get a handle on CVEs affecting your products?
We’re running a user trial to better understand how companies are currently managing product security. Fill out our form to see if you qualify.
$50 gift card or donation available for eligible participants.