Managing Updates at Scale for IoT Devices:
Reducing the CVE “Discovery-to-Fix” Gap
By the year 2020, Gartner predicts that 95% of new electronic product designs will contain Internet of Things (IoT) technology; Forbes expects 80 billion devices to be available by 2025. The device deployments alone are massive compared to that of traditional IT. For example, the number of enterprises deploying more than 50,000 IoT devices doubled in just the past year.
With open source used in just about every commercial product in every industry, the number of IoT devices using embedded open source components will surely continue to rapidly increase. That means the number of potential security threats will, too.
When you consider the number of IoT devices in the field and the number of CVEs discovered every year, finding and addressing vulnerability issues that are relevant to your product and updating all your deployed devices is a daunting task that can take a dangerously long time. But addressing these vulnerabilities is critical to protecting your customers from major breach risks, so you must find a way to reduce the time it takes to implement critical security fixes once weaknesses are discovered.
When it comes to managing IoT updates at scale, Timesys can help shorten the cycle between discovering the vulnerability and implementing the patch. Timesys’ TRST (Threat Resistance Security Technology) Product Protection Solutions includes our Security Vulnerability and Patch Notification Service, which enables you to manage vulnerabilities more effectively — so you can apply critical security fixes to deployed IoT devices in the quickest time possible.
The Timesys Security Vulnerability Notification service alerts you to only the vulnerabilities that are relevant to your specific software configuration. The CVE report you receive provides you with severity scores and links to detailed information about the relevant vulnerabilities.
The Timesys Patch Notification service provides you with the status information for vulnerabilities as well as links to the fixes. And when it comes to applying the security patches into your software, you can selectively apply the fixes, enabling you to remain confidently in control of what gets updated.
To help you easily manage your notifications, Timesys’ Security Vulnerability and Patch Notification Service includes accesses to your personal online Security Notification Management dashboard — where you can view the CVE reports and CVE history for all of your software configurations.
Fill out the form to schedule a personal review of how TRST can help your products stay secure by helping you manage IoT updates at scale.
Want to talk to us about how your embedded software based IoT products can be more secure?
Just fill out the form below, and we will be in touch within one business day to schedule a personalized call.
* Denotes required field.
80 billion IoT devices by 2025.*
When you consider the number of IoT devices in the field and the number of CVEs discovered every year, reducing the gap between vulnerability discovery and applying critical security fixes has never been more important.
Timesys Security Vulnerability and Patch Notification Service
As long as there are security vulnerabilities, there will be “discovery-to-fix” gaps. We can help you efficiently manage IoT updates at scale, so you can reduce the gap and stay secure.
No work for you
Because the TRST team maintains the Timesys CVE manager database for you, the amount of time spent having to monitor CVEs yourself is eliminated.
Filter out the noise
You receive notification of vulnerabilities relevant to only your open source software, which means less information you need to sort through.
Get notification when you want it
You decide how you want to receive notification, enabling you to get it when you need it.
Access CVE details easily
Whether via command-line or web, you can access detailed information about a known CVE via the direct links provided.
Always know what is affected
You can subscribe to Notification for each and every build.
Track changes conveniently
The report history for all configurations is available in one place, making it quick and easy to see what’s changed — newly discovered CVEs and fixed CVEs.
Locate fixes easily
You can add or update the meta-timesys-security layer, where the TRST team has added available updates and patches.
Remain in control
With Timesys’ Patch Notification service, you can selectively apply patches … so you decide what gets updated.
Related Security Resources
Timesys Security Blog
Timesys Security Video
Timesys Security Vulnerability and
Patch Notification Service for Yocto
Timesys Security Video