Need to lock down security for your device? Schedule a 30-minute security consultation with Timesys experts.
|
Embedded Systems
A Timesys Deep Dive
September 2021
|
|
|
Cybersecurity in the news
A bad security flaw, and a worse security bulletin — Travis CI flaw exposed secrets of thousands of open source projects
According to reporting by Ax Sharma at Ars Technica, “A security flaw in Travis CI potentially exposed the secrets of thousands of open source projects that rely on the hosted continuous integration service. Travis CI is a software-testing solution used by over 900,000 open source projects and 600,000 users. A vulnerability in the tool made it possible for secure environment variables — signing keys, access credentials, and API tokens of all public open source projects — to be exfiltrated.”
While the flaw was patched relatively quickly, the developer community was infuriated by the way Travis CI handled the situation. The Travis team silently patched the issue after 3 days of pressure, without so much as a security report or warning to their users. Making matters worse, they then issued a two-sentence security bulletin with no mention of culpability, recommending that all users cycle their secrets on a regular basis.
Read the full article here: https://arstechnica.com/information-technology/2021/09/travis-ci-flaw-exposed-secrets-for-thousands-of-open-source-projects/
Need a streamlined process to track, patch, and document vulnerabilities?
|
New (free!) ebook
Cybersecurity Primer for IoT/Embedded Systems
Developing a forward-looking strategy to keep an IoT device secure throughout its lifecycle has become a challenging task, but one that is absolutely imperative.
Luckily, we’re here to help shed some light on the process.
Request your copy of Timesys’ new e-book, Cybersecurity Primer for IoT/Embedded Devices, which provides an overview of the IoT device security lifecycle and highlights all the considerations in securing and maintaining IoT devices.
|
What’s New at Timesys
Preview of Embedded Board Farm features coming in October: New APIs, easy test framework integration
- Using REST APIs, run any test automation on EBF
- Allows integration with test frameworks (including Robot Framework), CI systems, build systems, test case management software
- New APIs and CLI support
- Measure power consumed by board
- On-demand video recording and image capture
- Support for NXP UUU flash tools
- EBF integrates new flashing tools for remotely updating your i.MX boards
- Easier software installation and upgrade process
- Deploy the entire EBF infrastructure and manage it from a central location with a new installer for EBF server zombies and app zombies, plus remote upgrades of all components
Run any test automation on Timesys EBF
|
Upcoming Events
|
|
Timesys-NXP Webinar
Secure the Edge: Secure Software Updates — Designing OTA Updates For Secure Embedded Linux Systems
October 6, 2021 • 3:00 PM - 4:00 PM EDT / Noon - 1:00 PM PDT
Building a secure embedded Linux-based device is a good start. But maintaining a strong security posture throughout your device’s production deployment and long-term maintenance is just as critical. As the number of software vulnerabilities has exploded, customers are increasingly at risk of a data breach exploit if embedded system software is not updated to the latest available security fixes. At the same time, the update process must be secure to ensure it does not become an attack vector itself.
Join NXP and Timesys for this upcoming webinar and learn how you can design and maintain secure OTA updates for embedded Linux-based systems.
|
|
|
|
Timesys-NXP Webinar
NXP Vigiles Demo Webcast: Supercharge your vulnerability management
Save the date: December 9, 2021 • 11:00am - 12:00pm EDT / 8:00am - 9:00am PDT
Join NXP and Timesys for a demo webcast that explores industry best practices to create a process for maintaining effective embedded system security using the NXP Vigiles vulnerability monitoring and management tool. We’ll discuss:
- How to choose the right tool for embedded system security maintenance and achieving industry compliance
- Demo of the NXP Vigiles tool and latest features with a look at how it plugs into the software development workflow (Jira integration, license and policy alerts, manifest comparison, new APIs and more)
- Preview of upcoming Vigiles Prime features
|
|
|
We Want Your Feedback
|
|
Join Our Vigiles User Trial
Do you need to get a handle on CVEs affecting your products?
We’re running a user trial to better understand how companies are currently managing product security. Fill out our form to see if you qualify.
|
$50 gift card or donation available for eligible participants. |
|
|
©2021 Timesys Corporation. 1905 Boulevard of the Allies, Pittsburgh, PA 15219
Timesys, the Timesys logo and Vigiles are trademarks or registered trademarks of Timesys Corporation. Linux is a registered trademark of Linus Torvalds in the United States and other countries. All other company and product names mentioned are trademarks and/or registered trademarks of their respective owners. |
|