Keeping embedded system products secure requires ongoing, constant monitoring and management of Common Vulnerabilities and Exposures (CVEs) throughout the production lifecycle.
With the constant flood of CVEs reported each week, you need to have a process for understanding the exposure of your embedded system devices to cybersecurity exploits. It is important to see how CVEs apply to your product so you can quickly address the vulnerabilities that pose the greatest risk.
Continue reading “Best practices for triaging Common Vulnerabilities & Exposures (CVEs) in embedded systems: Top Three Questions Answered” »
With 300+ vulnerabilities being reported weekly in the US National Vulnerability Database (NVD), it is more challenging than ever to maintain the security of open source and third-party software used in embedded system products. One common approach to tackle the problem is to adopt a risk-based vulnerability management strategy in which vulnerabilities that pose the highest risk to your organization are remediated first. This blog outlines how to establish such an process as part of your software development lifecycle while keeping the maintenance cost and risk of exposure low.
Continue reading “Vulnerability management and triaging” »
Securing your embedded system devices is no longer just a final step in product development.
Security today must be a continuous process, a focus at every stage of your software development, release and maintenance cycles.
That’s because today’s vulnerability environment is radically different from the past. Hundreds of vulnerabilities that may or may not affect your products come to light every week.
Continue reading “Webinar with NXP: CVE triage best practices for efficient vulnerability mitigation” »
There is an old saying among cybersecurity vulnerability management practitioners:
The “good guys” have to get it right every time.
The “bad guys” have to get it right only once.
That means that the “good guys” — the security professionals whose mission is to keep corporate data safe — need to monitor, analyze and respond to every vulnerability that puts their systems, users and data at risk.
Continue reading “Vigiles Quick Start … because securing your products doesn’t have to be hard” »
Security is critical throughout the lifetime of an embedded system. Continually changing threat environments, new deployment modes and third-party software updates mean that the BSP software for an embedded system device can no longer remain static and “frozen.”
Continue reading “BSP Lifecycle Maintenance: Top Three Questions Answered” »
A giant list of vulnerabilities does little to help you bring more secure products to market.
What matters is how you filter the list, triage the vulnerabilities, and mitigate the ones that pose the greatest risk.
That’s why the new enhancements to our Timesys Vigiles Security Monitoring & Management Service will enable you to develop more secure embedded system products today and maintain stronger product security throughout their lifecycles.
Continue reading “Vigiles Enhancements: Software Composition Analysis (SCA) & CVE Mitigation for Stronger Embedded System Security” »
To detect and correct vulnerabilities, eliminate false positives and prioritize the rest
Every embedded system device maker should want to make security a selling point, preventing breaches or exploits, not an embarrassment if a security problem occurs.
But nothing equals the liability and regulatory risk associated with medical devices.
Continue reading “Stop Chasing Vulnerability Ghosts: Why efficient vulnerability detection is essential to medical device security” »
Reducing cybersecurity risks to medical devices is essential. Regulators like the US Food and Drug Administration (FDA) have made improving medical device security a critical focus in recent years.
This means many in the medical device manufacturing community are now rethinking how the software components of their products are secured throughout their product lifecycles.
Continue reading “Medical Devices: Automated Vulnerability Monitoring for Streamlined FDA Security Compliance” »
This is a summary of a blog post published in full on NXP.com.
Connecting and being connected makes us vulnerable to hackers. With the number of IoT devices forecasted to reach 20.4 billion by 2020, the need for product security becomes even more pressing.
Continue reading “NXP Solves Vulnerability Detection Challenge for Developers with New Automated Tool” »
Designing secure products is important. But the ever-changing threat landscape means that a product may become vulnerable at any time after release.
That’s why we are excited to announce a new offering for stronger security across the full embedded system product lifecycle with our partner, Advantech.
Now, product developers using Advantech platforms incorporating NXP i.MX applications processors will have special access to the Timesys Vigiles service to continuously monitor and fix vulnerabilities in open source software components in their products.
Continue reading “Full lifecycle security now available for Advantech’s new product line based on NXP i.MX 8 series processors” »