Is your product the “Volvo” of embedded system products? For decades, carmaker Volvo has been known as a maker of safe vehicles.
While all makes of cars are generally much safer than in decades past, and some observers rank some other brands’ models higher in safety, there is no dispute that Volvo has made safety a cornerstone of its brand. Like other car brands have focused on qualities like luxury, reliability or the driving experience, Volvo has emphasized safety as a chief value of its products.
Perhaps soon we will see a Volvo-style strategy emerging from the makers of embedded system devices and the Internet of Things (IoT). In fact, with the volume of security vulnerabilities reaching an all-time high, there’s a prime opportunity for a device maker to become known market-wide as a “security first” product developer whose customers are more protected from cyberattack.
Continue reading “Vulnerabilities keep piling up … time to make security a product differentiator?” »
The vulnerability storm continues unabated.
The count of security vulnerabilities has reached another annual record, with six weeks remaining in the calendar year. This week the number of Common Vulnerabilities and Exposures (CVEs) hit 14,722, eclipsing last year’s total of 14,714, according to the tracking totals at CVE Details.
Continue reading “Another record year in vulnerabilities as the CVE storm continues” »
Security of smart devices is getting worse, says a penetration testing expert, who blames suppliers of connected devices that ignore security and privacy issue notifications.
Is the answer more security regulations and laws, or is it better product strategy?
Computer Weekly reported this week on security expert Ken Munro’s comments in a conference presentation in which he blasted many embedded system suppliers for not seeming to care about securing their products.
Continue reading “Will more embedded device makers fix security before massive fines force them to do it?” »
Patch management remains a major headache for enterprises, according to researchers and security experts. With reported security vulnerabilities now climbing into the tens of thousands each year, busy IT departments struggle to identify and analyze the vulnerabilities that apply to their systems, and to manage all the patching needed to mitigate risks.
And the Internet of Things (IoT) poses even greater challenges for patch management.
Continue reading “Patch management for better embedded system security” »
The Yocto Project is well known for enabling product developers to quickly and easily customize Linux for Internet of Things (IoT) devices and other embedded systems. But today’s environment is marked by heightened security concerns, skyrocketing vulnerability reports, and high-profile security breaches.
Getting your embedded system product to market fast is important. But getting to market fast without a secure design and a plan for managing future vulnerabilities is a huge mistake. If you design, build and support products with embedded Linux using Yocto, it’s important to evaluate security of your system from the point of view of the end customer who will deploy it.
Continue reading “Monitoring and managing vulnerabilities for embedded systems built with Yocto” »
A classic security breach vector involves exploiting weak authentication. As security researchers like to point out, failing to change default passwords for administrative access remains the top security issue for all types of IT systems.
But a related — and perhaps more devious — attack vector involves exploiting a weakness in a process that is supposed to help ensure device security in the first place: the remote system update.
Continue reading “Security vulnerabilities and medical devices: when the software update itself is the problem” »
Embedded system products are often deployed by IT managers struggling with a longstanding tradeoff: Should you sacrifice IT performance to make IT more secure?
The performance-or-security tradeoff has been the subject of technology research and industry analysis for many years. The analysis often focuses on issues like network performance or business application performance and how security measures may impede or otherwise affect throughput or access. Continue reading “Embedded system security and the IT performance tradeoff” »
Researchers and the technology media are reporting that the average application now contains more open source software components than proprietary code. And the use of open source components in embedded systems such as Internet of Things (IoT) devices likewise is on the rise.
How is this trend affecting awareness of embedded system security and open source security best practices? If you bring embedded system products to market with open source components, how do these systems affect your customers’ security postures?
To evaluate these questions, it helps to explore how enterprises test and measure the security of IT systems.
Continue reading “Security testing of embedded open source systems creates a stronger enterprise security posture” »
We’re on the verge of setting another annual record in the number of security vulnerabilities being reported. And more and more vulnerability exploits are targeting the Internet of Things.
Botnet exploits are going after IP cameras. Smart home technologies are being hacked. Even children’s toys are being hacked and used for covert surveillance. And in one bizarre case, hackers gained access to a casino’s systems through a smart thermometer in the lobby fish tank.
But these cases raise the question of what really is a vulnerability?
Continue reading “Security vulnerabilities and the Internet of Things” »
The number of security vulnerabilities continues to skyrocket. After setting a record last year, the number of reported Common Vulnerabilities and Exposures (CVEs) is on pace to set yet another record this year.
In 2017, more than 14,000 CVEs were reported, affecting a vast range of devices, systems and applications. So far in 2018, more than 12,000 CVEs have been reported, and if that pace continues, we should move past last year’s record number in the next two months.
Continue reading “Vulnerability management for Internet of Things and embedded systems” »