Security is critical throughout the lifetime of an embedded system. Continually changing threat environments, new deployment modes and third-party software updates mean that the BSP software for an embedded system device can no longer remain static and “frozen.”
Continue reading “BSP Lifecycle Maintenance: Top Three Questions Answered” »
A giant list of vulnerabilities does little to help you bring more secure products to market.
What matters is how you filter the list, triage the vulnerabilities, and mitigate the ones that pose the greatest risk.
That’s why the new enhancements to our Timesys Vigiles Security Monitoring & Management Service will enable you to develop more secure embedded system products today and maintain stronger product security throughout their lifecycles.
Continue reading “Vigiles Enhancements: Software Composition Analysis (SCA) & CVE Mitigation for Stronger Embedded System Security” »
To detect and correct vulnerabilities, eliminate false positives and prioritize the rest
Every embedded system device maker should want to make security a selling point, preventing breaches or exploits, not an embarrassment if a security problem occurs.
But nothing equals the liability and regulatory risk associated with medical devices.
Continue reading “Stop Chasing Vulnerability Ghosts: Why efficient vulnerability detection is essential to medical device security” »
Reducing cybersecurity risks to medical devices is essential. Regulators like the US Food and Drug Administration (FDA) have made improving medical device security a critical focus in recent years.
This means many in the medical device manufacturing community are now rethinking how the software components of their products are secured throughout their product lifecycles.
Continue reading “Medical Devices: Automated Vulnerability Monitoring for Streamlined FDA Security Compliance” »
This is a summary of a blog post published in full on NXP.com.
Connecting and being connected makes us vulnerable to hackers. With the number of IoT devices forecasted to reach 20.4 billion by 2020, the need for product security becomes even more pressing.
Continue reading “NXP Solves Vulnerability Detection Challenge for Developers with New Automated Tool” »
Designing secure products is important. But the ever-changing threat landscape means that a product may become vulnerable at any time after release.
That’s why we are excited to announce a new offering for stronger security across the full embedded system product lifecycle with our partner, Advantech.
Now, product developers using Advantech platforms incorporating NXP i.MX applications processors will have special access to the Timesys Vigiles service to continuously monitor and fix vulnerabilities in open source software components in their products.
Continue reading “Full lifecycle security now available for Advantech’s new product line based on NXP i.MX 8 series processors” »
We are excited to announce a new collaboration with NXP® Semiconductors that enables product developers to maintain strong embedded system security throughout their product lifecycles.
The new offering combines our Timesys Vigiles Security Monitoring and Management Service with NXP processors to streamline and simplify security management.
As a result, developers using NXP processors in their products can automatically monitor and identify vulnerabilities in open source software components and Yocto Linux distributions rapidly and efficiently.
Continue reading “New security offering with NXP: Ensure embedded system security throughout product lifecycle” »
As discussed in last week’s posting, central to the device maintenance process and keeping devices secure after they’ve been deployed is the ongoing monitoring and managing of CVEs that affect your product components. Therefore, it’s essential to have a clear view of relevant CVEs because there are many moving parts that need to be managed.
Adam Boone: Along those lines, you mentioned monitoring patches and software upgrades as one of the moving parts to be managed in a security maintenance program. What’s the challenge there?
Akshay Bhat: Patch management alone is always challenging, especially if you have a large number of open source components. You need to evaluate when to apply a patch, how the patch affects other components, what testing needs to be conducted, whether a patched component can be backported to earlier versions, and so on.
Continue reading “CVE Monitoring & Management: Timesys’ Akshay Bhat Offers Security Guidance for Embedded Open Source Systems Part 2” »
Timesys’ Director of Engineering, Akshay Bhat, presented a session on Open Source Security at the Embedded Linux Conference North America 2019 in August. For this two-part Q&A interview, our VP of Marketing Adam Boone asked Akshay to share his views on the challenges and best practices for maintaining security in Open Source Embedded System products.
Adam Boone: Why should product developers and engineering managers be familiar with CVEs and make an effort to monitor them?
Akshay Bhat: I think everyone recognizes it is important to bring products to market that are secure and that stay secure throughout their deployment lifecycles.
Continue reading “CVE Monitoring & Management: Timesys’ Akshay Bhat Offers Security Guidance for Embedded Open Source Systems Part 1” »
Every week, more than 300 new vulnerabilities affecting software systems are disclosed by security reporting services such as the Common Vulnerabilities & Exposures (CVE) database operated by the US National Institute of Standards and Technology (NIST).
If you develop embedded systems or embedded devices, keeping pace with the constant flood of new vulnerabilities, knowing which directly affect your products, and having the ability to quickly analyze them, is essential in keeping your products secure throughout their lifecycle.
Continue reading “Open Source CVE Monitoring and Management: Learn the Latest at Embedded Linux Conference 2019” »