Vulnerability Management: Automation ends the pain of manual DIY security


Every week, more than 300 new vulnerabilities affecting software systems are disclosed by security reporting services such as the Common Vulnerabilities & Exposures (CVE) database operated by the US National Institute of Standards and Technology (NIST).

These vulnerabilities run the gamut from low-risk security concerns to critical issues. Some vulnerabilities can allow an attacker to take control of a company’s IT systems, gain access to sensitive information, or even modify or otherwise compromise critical company operational processes and data.


Bring more secure products to market now: Meet Timesys Vigiles™


Constant vigilance is the key to bringing truly secure products to market.

Constant vigilance is what you get with our new real-time security monitoring and management service, Timesys Vigiles.

We named the new service after the famed city watchmen of ancient Rome. Like them, Vigiles is constantly watching, scanning for threats, and pinpointing the security risks that need to be managed.


Here comes the ‘stick’ for IoT security … or can we self-police?


Poor security of the Internet of Things has led the US Federal Government to (again) consider legislation to force makers of IoT devices to improve security.

And the proposed bill comes on the heels of industry concern that IoT attacks against the US power grid are increasingly common and threaten public safety.

This week a bipartisan group of four US senators introduced the “Internet of Things (IoT) Cybersecurity Improvement Act of 2019.” An earlier version of an IoT security bill, introduced in 2017, went basically nowhere.


Embedded World Highlights: Build it faster & with stronger security


Security is becoming a critical differentiator in embedded system products across a wide range of applications.

And the tools are now available to ensure products can be more secure without sacrificing time-to-market and, in some cases, even accelerating development.

Those are key takeaways from this year’s Embedded World Exhibition and Conference that took place in Germany last week.


Build it fast, and build it secure: see the latest at Embedded World


The world of embedded systems has gone through a massive transformation in recent years.

The rise of smart devices, the Internet of Things, mobile computing platforms, connected devices and a range of other innovations have driven embedded system deployments through the roof. Industry observers estimate IoT deployments alone account for 23 billion device deployments in 2018, up from 15 million in 2015. And that number is projected to triple in the next six years.

The explosion in demand has had a major impact on the makers of embedded systems and the products containing them.


Tracking and Maintaining the Security of Embedded Systems


The deployment modes and functionality of embedded systems have evolved rapidly in recent years, thanks to widespread connectivity of Internet of Things devices and associated systems.

Yet the common security practices for most embedded systems remain largely unchanged from the days when they were isolated, air-gapped systems.

The shortfall in embedded system security is leading to sharply escalating risk of cyberbreaches. The trend is leading industry experts to advise embedded system developers to make security a top priority in design practices and product development.


The Risks of a ‘Stale, Abandoned’ Product


Some product management decisions are hard. Product managers are constantly weighing trade-offs among time-to-market, functionality, competitive differentiation, development costs and other factors.

But some product decisions seem like no-brainers. Would you bring an IT product to market that puts customers at significantly increased risk of security breaches, privacy violations, potentially massive fines, and lawsuits?

“Of course not. That would be lunacy,” you can imagine the typical product manager as saying. Yet companies are shipping products every day that introduce this sort of risk into customer environments.


On-Premises Board Farm Cloud


In the past few years, there has been an explosive growth in the use of various types of mobile and IoT devices and use of open source based operating systems like Linux and Android. These use cases have forced application developers to test their applications against a rising number of devices with their current and legacy versions of operating systems.

This trend has made the Board Farm concept into an effective and efficient tool for solving these expanding test challenges, especially if configured as a cloud.

Forced Trade-offs

The time-to-market (TTM) for a new product introduction (NPI) is usually gated by working hardware and firmware that can eventually be certified for launch by the Quality Assurance department. A closer look at the schedule will show you that development is pretty much serialized due to the availability of working hardware boards at various stages of development for departments like platform, application development, test, manufacturing test, and then final QA.

Usually, the hardware group is either at the end of its Engineering Validation Test cycle or at the beginning of its Design Validation Test (DVT) cycle when the software team receives the minimum number of required hardware boards and is at peak code development stage.

Worse yet, the test team may not get boards until DVT is over or, with luck, while it is still in progress. Hence there is a huge risk that a hardware issue is uncovered at this late stage by the test team or, to a lesser extent, the software team.

Such fixes at this late stage are very expensive, and therefore, end up in negotiations over forced trade-offs with product management. And then compromises are made, essentially lowering either the quality or the value of the product.

A Universal Tool

The board farm cloud (BFC), which is becoming an essential solution for testing against numerous combinations of settings and versions of products, can be made even more useful if it can help avoid these forced trade-offs caused by board availability constraints. The BFC can offer an excellent ROI by itself, and moreover, it can provide an even higher value to the company if it can be used by departments other than Engineering.

The following use cases draw out the features which make the BFC a universal tool across the company.

Shortening the Production Development Schedule

In this first use case, using a BFC that allows remote access and shared hardware results in fewer pieces of hardware built. That in turn lowers R&D project cost, increasing the NPV and lowering the payback period.

The main advantage of sharing is that it gives much earlier access to the software platform/firmware team, allowing them to begin software development and testing earlier, and thus shrinking the project timeline and shortening TTM.

All of this takes place without the hardware engineer giving up physical access to the board next to him/her and it increases the percentage of time the board may be available for sharing with other teams.

Improving Product Quality

This second use case stems from the departments of QA and DevOps, which often have conflicting priorities. While DevOps is under pressure to deliver product to market quickly, QA’s objective is to test as much as possible to ensure the highest quality product.

In addition, these teams have to deal with verifying larger combinations of supported hardware, further increasing complexity and putting pressure on the release schedule.

If the BFC supports integration with CI/CD systems and can interface with a test automation framework, it can help reduce this pressure.

By triggering a system like Jenkins and utilizing Test Automation Software, one can easily set up a dedicated CI/CD test environment over dedicated shared boards and run system and/or scenario-based tests automatically.

Furthermore, a scalable BFC allows a large number of devices under test (DUTs) to be connected. So as new versions of hardware and/or software become available, they can easily be tested using CI and test automation against the spec for feature functionality, stress, and interconnectivity with previously released versions, thus improving quality.

Performing Customer Demos and Evaluation

A third good use case is the sales demo. Salespeople need boards for performing demos and for helping their customers with product evaluation.

A BFC allows salespeople to demo remotely by logging into an existing BFC, eliminating the need for them to carry any hardware, and in turn, reducing the quantity of hardware pieces needed for sales teams.

And giving salespeople the ability to remotely load customer demos/applications onto hardware enables customers to evaluate products on a relevant and more personal level. That brings the requirement of not only remote access to a BFC, but also an intuitive and well-designed UI that allows full control of the embedded system via the web.

Delivering Focused Customer Engineering Support

The fourth use case is customer Support engineering. If all legacy products and current products are accessible in a centralized manner on a BFC, customer problem reports (tickets) can be reproduced with less time spent on finding the right hardware and software combination and booting older products.

This would make the job of support personnel more focused, in terms of understanding and writing the ticket and issue reproduction. This brings board allocation and job queuing functionality requirements to a BFC.

Managing Product Inventory

The fifth use case is Product engineering. At times, developing or interfacing a new subsystem into an existing customer setup is required as a proof of concept or for test purposes.

If a BFC has a set of GPIOs, bus extensions like I2C, and user-toggled USB/Ethernet connections through hot plugs, and if all are under software control, then that allows for easier build-out of new capability in smaller/standalone pieces before building it all into one system.

In addition to the use cases above, there are other use cases for manufacturing, marketing, and engineering.

Timesys On-Premises Board Farm Cloud

The Timesys On-Premises BFC started out doing a simple setup for the embedded hardware. However, as more features were integrated to support different use cases, the Timesys On-Premises BFC evolved into a unique solution that bridges the geographical gap and presents the shared hardware as if it is locally sitting next to the user with full control.

It has all the features described above to make it a useful product that brings value to multiple departments with one investment in capital equipment.

The Timesys On-Premises BFC is a centrally located Master with the necessary software that forms the core of BFC (plus the TAS, if added) connected to various Zombies that are placed at various locations around the corporation, as long as the Zombie has network connectivity to the Master (Figure 1).


Figure 1: Timesys On-Premises Board Farm Cloud (BFC)

The Timesys On-Premises BFC is architected with REST APIs so any Test Automation framework can be plugged in easily (Figure 2).


Figure 2: REST APIs for Test Automation

Some of the key features of Timesys On-Premises BFC are: Centralized Management, Dashboards, accessible from anywhere via a web browser, REST API for Test Automation, Remote Power Cycle, Console Access, easily customizable (support for different Power modules), various boot options (SD card, network, USB), Expansion capability (I2C, USB buses, GPIO pins), SD mux, Ethernet and USB Hot plugs, Built-in App/Test server, etc.

Some of the benefits of the Timesys On-Premises BFC are: private behind your firewall and totally under your control, common infrastructure for test automation, boards at remote locations available to everyone, Sales/Field demo, Remote board debugging, Remote viewing (Live streaming), and inventory and health of boards.

To learn more about the Timesys On-Premises BFC, contact us.

Dr. Rakesh Thapar is CTO of Application Services and Test Automation at Timesys. His industry experience spans over 35 years of working in software and hardware product development intertwined with teaching and academia. Rakesh holds a PhD in computer engineering from Boston University, an MS degree in electrical engineering from Colorado State University and a BS degree in electrical engineering from the University of Roorkee.

About Timesys

Timesys has extensive experience with embedded system development and lifecycle management. Timesys has been instrumental in working with globally leading semiconductor manufacturers, providing smart, quick and quality solutions for highly complex systems with accelerated product innovation and multiple product variants.

Who is attacking IoT? What do they want?


The motivation of hackers sometimes can be plain as day. Other times, not so much.

As attacks on Internet of Things (IoT) devices and deployments escalate, it is important to understand what these attackers are trying to accomplish. Understanding these motives, after all, can help us to pinpoint why a security vulnerability represents a risk, to prioritize mitigation and defenses, and to focus responses to attacks.


Progress toward IoT security … a little less conversation, a little more action please


Research, reporting and commentary about Internet of Things security has made a flurry of technology headlines over the past several years. And industry observers are commenting that IoT security may finally be gaining the attention it deserves among technology decision makers.

So will 2019 be a milestone year for IoT security?

Or will more IoT security failures lead to more industry regulation, more vendor criticism and more conversation, not enough action?

