As discussed in last week’s posting, central to the device maintenance process and keeping devices secure after they’ve been deployed is the ongoing monitoring and managing of CVEs that affect your product components. Therefore, it’s essential to have a clear view of relevant CVEs because there are many moving parts that need to be managed.
Adam Boone: Along those lines, you mentioned monitoring patches and software upgrades as one of the moving parts to be managed in a security maintenance program. What’s the challenge there?
Akshay Bhat: Patch management alone is always challenging, especially if you have a large number of open source components. You need to evaluate when to apply a patch, how the patch affects other components, what testing needs to be conducted, whether a patched component can be backported to earlier versions, and so on.
Continue reading “CVE Monitoring & Management: Timesys’ Akshay Bhat Offers Security Guidance for Embedded Open Source Systems Part 2” »
Timesys’ Director of Engineering, Akshay Bhat, presented a session on Open Source Security at the Embedded Linux Conference North America 2019 in August. For this two-part Q&A interview, our VP of Marketing Adam Boone asked Akshay to share his views on the challenges and best practices for maintaining security in Open Source Embedded System products.
Adam Boone: Why should product developers and engineering managers be familiar with CVEs and make an effort to monitor them?
Akshay Bhat: I think everyone recognizes it is important to bring products to market that are secure and that stay secure throughout their deployment lifecycles.
Continue reading “CVE Monitoring & Management: Timesys’ Akshay Bhat Offers Security Guidance for Embedded Open Source Systems Part 1” »
Too often, it seems the first notification of a software vulnerability comes from an affected customer or the publicity surrounding a high-profile data breach. Then follows the mad scramble to mitigate the vulnerability, notify customers, update products in the field and so on.
This reactive approach to vulnerability management for your embedded system products simply doesn’t fly in today’s heightened vulnerability environment.
Continue reading “Vulnerability Management: Making proactive security maintenance a part of your product support processes” »
Every week, more than 300 new vulnerabilities affecting software systems are disclosed by security reporting services such as the Common Vulnerabilities & Exposures (CVE) database operated by the US National Institute of Standards and Technology (NIST).
These vulnerabilities run the gamut of low risk security concerns to critical issues. Some vulnerabilities can allow an attacker to take control of a company’s IT systems, gain access to sensitive information, even modify or otherwise compromise critical company operational processes and data.
Continue reading “Vulnerability Management: Automation ends the pain of manual DIY security” »
Constant vigilance is the key to bringing truly secure products to market.
Constant vigilance is what you get with our new real-time security monitoring and management service, Timesys Vigiles.
We named the new service after the famed city watchmen of ancient Rome. Like them, Vigiles is constantly watching, scanning for threats, and pinpointing the security risks that need to be managed.
Continue reading “Bring more secure products to market now: Meet Timesys Vigiles™” »
Poor security of Internet of Things has led the US Federal Government to (again) consider legislation to force makers of IoT devices to improve security.
And the proposed bill comes on the heels of industry concern that IoT attacks against the US power grid are increasingly common and threaten public safety.
This week a bipartisan group of four US senators introduced the “Internet of Things (IoT) Cybersecurity Improvement Act of 2019.” An earlier version of an IoT security bill, introduced in 2017, went basically nowhere.
Continue reading “Here comes the ‘stick’ for IoT security … or can we self-police?” »
Security is becoming a critical differentiator in embedded system products across a wide range of applications.
And the tools are now available to ensure products can be more secure without sacrificing time-to-market and, in some cases, even accelerating development.
Those are key takeaways from this year’s Embedded World Exhibition and Conference that took place in Germany last week.
Continue reading “Embedded World Highlights: Build it faster & with stronger security” »
The world of embedded systems has gone through a massive transformation in recent years.
The rise of smart devices, the Internet of Things, mobile computing platforms, connected devices and a range of other innovations have driven embedded system deployments through the roof. Industry observers estimate IoT deployments alone account for 23 billion device deployments in 2018, up from 15 million in 2015. And that number is projected to triple in the next six years.
The explosion in demand has had a major impact on the makers of embedded systems and the products containing them.
Continue reading “Build it fast, and build it secure: see the latest at Embedded World” »
The deployment modes and functionality of embedded systems have evolved rapidly in recent years, thanks to widespread connectivity of Internet of Things devices and associated systems.
Yet the common security practices for most embedded systems remain largely unchanged from the days when they were isolated, air-gapped systems.
The shortfall in embedded system security is leading to sharply escalating risk of cyberbreaches. The trend is leading industry experts to advise embedded system developers to make security a top priority in design practices and product development.
Continue reading “Tracking and Maintaining the Security of Embedded Systems” »
Some product management decisions are hard. Product managers are constantly weighing trade-offs among time-to-market, functionality, competitive differentiation, development costs and other factors.
But some product decisions seem like no-brainers. Would you bring an IT product to market that puts customers at significantly increased risk of security breaches, privacy violations, potentially massive fines, and lawsuits?
“Of course not. That would be lunacy,” you can imagine the typical product manager as saying. Yet companies are shipping products every day that introduce this sort of risk into customer environments.
Continue reading “The Risks of a ‘Stale, Abandoned’ Product” »