Understanding the Importance of CVE Scanning with SBOMs
Scanning your open source software for CVEs (Common Vulnerabilities and Exposures) is a very important maintenance step for any software project.
An Introduction to CVE Scanning and SBOMs
Generally, these...
Open Source Embedded Software Development and Security Blog
Enhancing Your Open Source Security: A Deep Dive into Vigishield’s Defense Strategies and Threat Prevention
Responding to Recent Attacks with Vigishield
In light of recent attacks on the open source community, we've been asked if or how our tools (specifically, Vigishield) could have helped prevent them from being successful. The two most recent attacks of interest were:...
Securing Your Software: Generating SBOMs from Linux Binaries and Scanning for CVEs Without Source Code
Why Scanning for CVEs is Essential in Open Source Software Maintenance
Scanning your open source software for CVEs (Common Vulnerabilities and Exposures) is a very important maintenance step for any software project. Generally, these CVEs are stored in publicly...
Securing U-Boot: A Guide to Mitigating Common Attack Vectors
Learn about ways in which you can protect and secure U-Boot implementations on your embedded systems. This involves signed FIT images, environment protections, and serial console disablement methods.
DM-Verity Without an Initramfs
Learn how you can implement file system verification on your embedded system without the use of an initramfs. This can significantly reduce boot time and storage requirements in many situations.
Securing your Linux Configuration (Kernel Hardening)
This article discusses the process by which your kernel’s configuration can be strengthened to protect against common security exploits. This is sometimes referred to as hardening, or specifically in this context, kernel configuration hardening.
A Linux kernel configuration is a file that defines all of the enabled (or disabled) options which are compiled into your kernel. If you have not seen one before, they generally reside in …
Discretionary Access Control (DAC) Hardening
Discretionary Access Control hardening can further improve your embedded system’s security by limiting userspace access to proprietary intellectual property, exploitable binaries, and privileged information. The example permissions shown here are defaults produced during a demonstration Yocto build.
In Linux, a file has the following relevant parameters (when listing a file with the “ls” command):