As discussed in last week’s posting, security often ends up taking a backseat to other considerations when you are bringing products to market or supporting ones already in production deployment.
Product managers often are faced with delivering baseline product functionality and dealing with constraints around timelines and budget. That means broader security considerations fall out of the product when these constraints force trade-offs and fundamental product requirements take priority.
Continue reading “Secure Product Management: Reducing Security Trade-offs Part 2” »
There is a decades old principle in managing any project called the “Triple Constraint” or sometimes “The Iron Triangle.”
It states that any project involves trade-offs between three constraints:
- Time: project schedule
- Cost: available resources in terms of people and budget)
- Scope: volume and comprehensiveness of features, functions, operational performance
Continue reading “Secure Product Management: Reducing Security Trade-offs Part 1” »
Knowledge is power.
And knowledge of vulnerabilities affecting your products gives you the power to make them more secure.
That’s why our new Vigiles vulnerability monitoring and management service incorporates the industry’s first Targeted Vulnerability & Mitigation Tracker that pinpoints vulnerabilities affecting your specific products.
Continue reading “CVE Monitoring: Knowledge of vulnerabilities and the power to secure your products” »
Every week, more than 300 new vulnerabilities affecting software systems are disclosed by security reporting services such as the Common Vulnerabilities & Exposures (CVE) database operated by the US National Institute of Standards and Technology (NIST).
These vulnerabilities run the gamut of low risk security concerns to critical issues. Some vulnerabilities can allow an attacker to take control of a company’s IT systems, gain access to sensitive information, even modify or otherwise compromise critical company operational processes and data.
Continue reading “Vulnerability Management: Automation ends the pain of manual DIY security” »
Constant vigilance is the key to bringing truly secure products to market.
Constant vigilance is what you get with our new real-time security monitoring and management service, Timesys Vigiles.
We named the new service after the famed city watchmen of ancient Rome. Like them, Vigiles is constantly watching, scanning for threats, and pinpointing the security risks that need to be managed.
Continue reading “Bring more secure products to market now: Meet Timesys Vigiles™” »
Poor security of Internet of Things has led the US Federal Government to (again) consider legislation to force makers of IoT devices to improve security.
And the proposed bill comes on the heels of industry concern that IoT attacks against the US power grid are increasingly common and threaten public safety.
This week a bipartisan group of four US senators introduced the “Internet of Things (IoT) Cybersecurity Improvement Act of 2019.” An earlier version of an IoT security bill, introduced in 2017, went basically nowhere.
Continue reading “Here comes the ‘stick’ for IoT security … or can we self-police?” »
Security is becoming a critical differentiator in embedded system products across a wide range of applications.
And the tools are now available to ensure products can be more secure without sacrificing time-to-market and, in some cases, even accelerating development.
Those are key takeaways from this year’s Embedded World Exhibition and Conference that took place in Germany last week.
Continue reading “Embedded World Highlights: Build it faster & with stronger security” »
Effective product security starts with good product management.
And a good product manager recognizes that product security does not stop with secure design.
Effective security demands monitoring, tracking and acting on vulnerabilities on an ongoing basis throughout the product lifecycle.
A dedicated product management approach to vulnerability management is really the only way to ensure that your end customers are not exposed to breach risk over time.
Continue reading “Is vulnerability management a regular part of your product management? (Spoiler alert: It better be.)” »
System quality requirements have never been higher. But time-to-market pressures have also never been greater. How do you meet one without sacrificing the other?
Embedded systems users expect bug free, responsive and stable applications that provide the best user experience.
The consequence of failing to meet user expectations can result in more than just application abandonment. With the power of social media, it also can quickly lead to a tarnished brand, resulting in lost revenue opportunities from both current and future users.
At the same time, increasing competition and security issues are leading to shorter development and delivery schedules, and quicker deployment of product updates and security fixes. So application failure or releasing a product with major bugs is not an option.
Continue reading “Continuous Testing Delivers Quality with Faster Time-to-Market” »
The world of embedded systems has gone through a massive transformation in recent years.
The rise of smart devices, the Internet of Things, mobile computing platforms, connected devices and a range of other innovations have driven embedded system deployments through the roof. Industry observers estimate IoT deployments alone account for 23 billion device deployments in 2018, up from 15 million in 2015. And that number is projected to triple in the next six years.
The explosion in demand has had a major impact on the makers of embedded systems and the products containing them.
Continue reading “Build it fast, and build it secure: see the latest at Embedded World” »