Timesys Device Security Solutions
Make the challenge of long-term compliance and maintaining a secure product easier for your client
Timesys Device Security Solutions
Make the challenge of long-term compliance and maintaining a secure product easier for your client
Linux OS long-term maintenance and security compliance is complex and time-consuming. With Linux OS/BSP Maintenance, we make it simple.
Every industry has a slew of compliance requirements:
Connected Devices: UL 2900-1 — ANSI/CAN/UL Standard for Software Cybersecurity for Network-Connectable Products
Medical: FDA Premarket and Postmarket Security Guidance, IEC 62304, NEMA Requirements for Manufacturer Disclosure Statement for Medical Device Security, and NEMA MDS2 Requirements
IIoT & Industrial: IEC 62443, ISA99, IEC 29147 and 30111 for Vulnerability Handling and Disclosure, NERC CIP Standards, NIST Special Publication 800-82, UK CPNI Internet of Things and Industrial Control Systems guidelines
IoT: ETSI EN 303 645 — Cyber Security for Consumer Internet of Things, NIST 8259 Foundational Cybersecurity Activities for IoT Device Manufacturers, 8259A IoT Device Cybersecurity Capability Core Baseline
Automotive: ISO/SAE 21434, European WP.29 Compliance, NHTSA Draft 2020 recommendations for Software and Firmware Security
Linux OS/BSP Maintenance simplifies meeting these requirements:
Create an accurate Software Bill of Materials (SBOM)
Monitor and manage vulnerabilities for 3rd party software
Keep software updated with security fixes
Provide documentation of lifecycle security processes
What if you could recommend to your client a robust Linux OS/BSP maintenance solution that is tailored to their product to help maintain its long-term security and keep it compliant throughout the product lifecycle?
Timesys Linux OS/BSP Maintenance
Long-term Security Updates and Maintenance for Linux OS/BSPs
Timesys Linux OS/BSP Maintenance
How It Works
Set Up
Baseline
We set up a baseline that includes:
- Adding your client’s custom board into the Timesys Embedded Board Farm
- Adding your client’s BSP code into a private Git repo that only you, your client and Timesys can access
- Running a driver test
Review
Reports
We provide monthly vulnerability reports, and on a quarterly basis we jointly review them to determine what updates and patches you want us to apply.
Integrate Patches / Updates / Backports
We integrate security patches / package updates and backports for your BSP as per the quarterly review.
Validate Custom
Linux OS
After integrating patches / updates, we validate the BSP by comparing the driver tests against the baseline.
Deliver Updated BSP
& Reports
We deliver updated BSP and validation reports for comparison with the previous report.