Every week, more than 300 new vulnerabilities affecting software systems are disclosed by security reporting services such as the Common Vulnerabilities & Exposures (CVE) database operated by the US National Institute of Standards and Technology (NIST).
These vulnerabilities run the gamut of low risk security concerns to critical issues. Some vulnerabilities can allow an attacker to take control of a company’s IT systems, gain access to sensitive information, even modify or otherwise compromise critical company operational processes and data.
Continue reading “Vulnerability Management: Automation ends the pain of manual DIY security” »
Constant vigilance is the key to bringing truly secure products to market.
Constant vigilance is what you get with our new real-time security monitoring and management service, Timesys Vigiles.
We named the new service after the famed city watchmen of ancient Rome. Like them, Vigiles is constantly watching, scanning for threats, and pinpointing the security risks that need to be managed.
Continue reading “Bring more secure products to market now: Meet Timesys Vigiles™” »
Poor security of Internet of Things has led the US Federal Government to (again) consider legislation to force makers of IoT devices to improve security.
And the proposed bill comes on the heels of industry concern that IoT attacks against the US power grid are increasingly common and threaten public safety.
This week a bipartisan group of four US senators introduced the “Internet of Things (IoT) Cybersecurity Improvement Act of 2019.” An earlier version of an IoT security bill, introduced in 2017, went basically nowhere.
Continue reading “Here comes the ‘stick’ for IoT security … or can we self-police?” »
Security is becoming a critical differentiator in embedded system products across a wide range of applications.
And the tools are now available to ensure products can be more secure without sacrificing time-to-market and, in some cases, even accelerating development.
Those are key takeaways from this year’s Embedded World Exhibition and Conference that took place in Germany last week.
Continue reading “Embedded World Highlights: Build it faster & with stronger security” »
Effective product security starts with good product management.
And a good product manager recognizes that product security does not stop with secure design.
Effective security demands monitoring, tracking and acting on vulnerabilities on an ongoing basis throughout the product lifecycle.
A dedicated product management approach to vulnerability management is really the only way to ensure that your end customers are not exposed to breach risk over time.
Continue reading “Is vulnerability management a regular part of your product management? (Spoiler alert: It better be.)” »
The world of embedded systems has gone through a massive transformation in recent years.
The rise of smart devices, the Internet of Things, mobile computing platforms, connected devices and a range of other innovations have driven embedded system deployments through the roof. Industry observers estimate IoT deployments alone account for 23 billion device deployments in 2018, up from 15 million in 2015. And that number is projected to triple in the next six years.
The explosion in demand has had a major impact on the makers of embedded systems and the products containing them.
Continue reading “Build it fast, and build it secure: see the latest at Embedded World” »
The deployment modes and functionality of embedded systems have evolved rapidly in recent years, thanks to widespread connectivity of Internet of Things devices and associated systems.
Yet the common security practices for most embedded systems remain largely unchanged from the days when they were isolated, air-gapped systems.
The shortfall in embedded system security is leading to sharply escalating risk of cyberbreaches. The trend is leading industry experts to advise embedded system developers to make security a top priority in design practices and product development.
Continue reading “Tracking and Maintaining the Security of Embedded Systems” »
Some product management decisions are hard. Product managers are constantly weighing trade-offs among time-to-market, functionality, competitive differentiation, development costs and other factors.
But some product decisions seem like no-brainers. Would you bring an IT product to market that puts customers at significantly increased risk of security breaches, privacy violations, potentially massive fines, and lawsuits?
“Of course not. That would be lunacy,” you can imagine the typical product manager as saying. Yet companies are shipping products every day that introduce this sort of risk into customer environments.
Continue reading “The Risks of a ‘Stale, Abandoned’ Product” »
The motivation of hackers sometimes can be plain as day. Other times, not so much.
As attacks on Internet of Things (IoT) devices and deployments escalate, it is important to understand what these attackers are trying to accomplish. Understanding these motives, after all, can help us to pinpoint why a security vulnerability represents a risk, to prioritize mitigation and defenses, and to focus responses to attacks.
Continue reading “Who is attacking IoT? What do they want?” »
This week we announced a new release of our TimeStorm Integrated Development Environment (IDE). TimeStorm 5.3.2 IDE is designed to streamline, simplify and accelerate the development of secure Internet of Things (IoT) and embedded Linux applications.
In an era of heightened awareness of embedded software security and device security risks, product developers need to be able to adopt security best practices without delaying the development and release of new products.
Continue reading “New IDE version produces shorter time-to-market for secure IoT devices and embedded Linux applications” »