Designing secure products is important. But the ever-changing threat landscape means that a product may become vulnerable at any time after release.
That’s why we are excited to announce a new offering for stronger security across the full embedded system product lifecycle with our partner, Advantech.
Now, product developers using Advantech platforms incorporating NXP i.MX applications processors will have special access to the Timesys Vigiles service to continuously monitor and fix vulnerabilities in open source software components in their products.
Continue reading “Full lifecycle security now available for Advantech’s new product line based on NXP i.MX 8 series processors” »
We are excited to announce a new collaboration with NXP® Semiconductors that enables product developers to maintain strong embedded system security throughout their product lifecycles.
The new offering combines our Timesys Vigiles Security Monitoring and Management Service with NXP processors to streamline and simplify security management.
As a result, developers using NXP processors in their products can automatically monitor and identify vulnerabilities in open source software components and Yocto Linux distributions rapidly and efficiently.
Continue reading “New security offering with NXP: Ensure embedded system security throughout product lifecycle” »
As discussed in last week’s posting, central to the device maintenance process and keeping devices secure after they’ve been deployed is the ongoing monitoring and managing of CVEs that affect your product components. Therefore, it’s essential to have a clear view of relevant CVEs because there are many moving parts that need to be managed.
Adam Boone: Along those lines, you mentioned monitoring patches and software upgrades as one of the moving parts to be managed in a security maintenance program. What’s the challenge there?
Akshay Bhat: Patch management alone is always challenging, especially if you have a large number of open source components. You need to evaluate when to apply a patch, how the patch affects other components, what testing needs to be conducted, whether a patched component can be backported to earlier versions, and so on.
Continue reading “CVE Monitoring & Management: Timesys’ Akshay Bhat Offers Security Guidance for Embedded Open Source Systems Part 2” »
Timesys’ Director of Engineering, Akshay Bhat, presented a session on Open Source Security at the Embedded Linux Conference North America 2019 in August. For this two-part Q&A interview, our VP of Marketing Adam Boone asked Akshay to share his views on the challenges and best practices for maintaining security in Open Source Embedded System products.
Adam Boone: Why should product developers and engineering managers be familiar with CVEs and make an effort to monitor them?
Akshay Bhat: I think everyone recognizes it is important to bring products to market that are secure and that stay secure throughout their deployment lifecycles.
Continue reading “CVE Monitoring & Management: Timesys’ Akshay Bhat Offers Security Guidance for Embedded Open Source Systems Part 1” »
Too often, it seems the first notification of a software vulnerability comes from an affected customer or the publicity surrounding a high-profile data breach. Then follows the mad scramble to mitigate the vulnerability, notify customers, update products in the field and so on.
This reactive approach to vulnerability management for your embedded system products simply doesn’t fly in today’s heightened vulnerability environment.
Continue reading “Vulnerability Management: Making proactive security maintenance a part of your product support processes” »
The product development and release maintenance cycle has many predictable elements.
You know you will face time constraints for engineering to develop, test and prepare the product for production release based on the product roadmap and schedule. You’ll likewise face constraints around engineering resources, including the people and tools needed to hit the development targets.
Continue reading “Security Maintenance: Three essential tasks for maintaining embedded system security after release” »
As discussed in last week’s posting, security often ends up taking a backseat to other considerations when you are bringing products to market or supporting ones already in production deployment.
Product managers often are faced with delivering baseline product functionality and dealing with constraints around timelines and budget. That means broader security considerations fall out of the product when these constraints force trade-offs and fundamental product requirements take priority.
Continue reading “Secure Product Management: Reducing Security Trade-offs Part 2” »
There is a decades old principle in managing any project called the “Triple Constraint” or sometimes “The Iron Triangle.”
It states that any project involves trade-offs between three constraints:
- Time: project schedule
- Cost: available resources in terms of people and budget)
- Scope: volume and comprehensiveness of features, functions, operational performance
Continue reading “Secure Product Management: Reducing Security Trade-offs Part 1” »
Knowledge is power.
And knowledge of vulnerabilities affecting your products gives you the power to make them more secure.
That’s why our new Vigiles vulnerability monitoring and management service incorporates the industry’s first Targeted Vulnerability & Mitigation Tracker that pinpoints vulnerabilities affecting your specific products.
Continue reading “CVE Monitoring: Knowledge of vulnerabilities and the power to secure your products” »
Every week, more than 300 new vulnerabilities affecting software systems are disclosed by security reporting services such as the Common Vulnerabilities & Exposures (CVE) database operated by the US National Institute of Standards and Technology (NIST).
These vulnerabilities run the gamut of low risk security concerns to critical issues. Some vulnerabilities can allow an attacker to take control of a company’s IT systems, gain access to sensitive information, even modify or otherwise compromise critical company operational processes and data.
Continue reading “Vulnerability Management: Automation ends the pain of manual DIY security” »