Stay Secure: Timesys Security Vulnerability and Patch Notification Service
Security notification tailored to your software platform + Patch/upgrade = Peace of mind
With the increasing rate of information-security vulnerabilities and the unpredictability of discoveries, the manual process of keeping up with the newly discovered vulnerabilities for your device software is not feasible. Timesys helps reduce the time and costs associated with maintaining software security through its automated Security Vulnerability and Patch Notification Service.
At the core is Timesys’ Threats Response Security Team (TRST) — a team of embedded Linux engineers that constantly monitors security issues that impact open source software being used by Timesys customers and updates the Timesys CVE manager and repositories.
Timesys’ Security Vulnerability Notification Service
Timesys’ Security Vulnerability Notification finds known security issues (CVEs) that are specific to your product. The notification includes the fixed and unfixed CVEs for the particular version of each software component built.
Security Vulnerability Notification: How It Works
Discover and Identify
The Timesys Security Team utilizes a Timesys-built Common Vulnerabilities and Exposures (CVE) manager to gather/pull information from nvd.nist.gov and security mailing lists and identify security issues relevant to the code in the Timesys source code repository.
The Timesys Security Team then analyzes the state of the vulnerability (known vulnerability with available patch or update vs. known vulnerability with no fix available).
Update and Patch
The Timesys Security Team adds available security updates and patches to the code in the Timesys source code repository.
To determine if any security issues are known to affect their device / build, customers using Timesys’ Yocto Project Café or Factory desktop development environment can pull notification by running a checkcves command.
All customers can optionally store their workorder(s) or manifest(s) in Timesys’ web development environment and get push notification for each.
Timesys’ Automated BSP Security Monitoring and Update Management Service
Eliminate the Time Spent Monitoring CVEs Yourself
With Timesys’ Security Notification, tracking relevant security vulnerabilities for your build is easy. You have access to on-demand notification that enables you to request a list of fixed CVEs as well as potentially unresolved security issues that are relevant for only the software components used in your particular configuration.
Integrate Updates and Patches with Confidence
With the Timesys Security Update service, it’s easy to apply updates and security patches into your software, and you remain in control of what gets updated.
Related Security Resources
Timesys Security Video
Timesys' Security Vulnerability and Patch Notification Service for Yocto
Timesys Security Video
Timesys' Security Vulnerability and Patch Notification Service for Factory
Timesys CVE Notification
View a Sample of Timesys' CVE Report
meta-timesys Yocto Layer
Try Timesys' Security ‘Pull’ Notification for Yocto
Additional Security Resources
Want to learn more about Timesys’ Security Vulnerability and Patch Notification Service?
We’d be happy to answer your questions and provide you with more information about how Timesys solutions can make your developments more secure and up-to-date while helping reduce development time and lifecycle management costs. To contact us, simply fill out our online form, email us at email@example.com or call us at 1.866.392.4897 (toll-free) or +1.412.232.3250.