LinuxLink Login   |   1.866.392.4897 |   sales@timesys.com

Security Notice: The Timesys TRST team is working to integrate patches for Spectre and Meltdown as they become available. You can view details here.

Stay Secure: Timesys’ Security Vulnerability and Patch Notification Service

Security notification tailored to your software platform + Patch/upgrade = Peace of mind

With the increasing rate of information-security vulnerabilities and the unpredictability of discoveries, the manual process of keeping up with the newly discovered vulnerabilities for your device software is not feasible. Timesys helps reduce the time and costs associated with maintaining software security through its automated Security Vulnerability and Patch Notification Service.

How Timesys’ Security Vulnerability and Patch Notification Service Works

Timesys help you stay secure

Timesys’ Threats Response Security Team (TRST)

At the core is TRST — a team of embedded Linux engineers that constantly monitors security issues that impact open source software being used by Timesys customers and updates the Timesys CVE manager and repositories.

How It Works

discover and identify vulnerabilities

1. Discover and Identify

The Timesys Security Team utilizes a Timesys-built Common Vulnerabilities and Exposures (CVE) manager to gather information from nvd.nist.gov and security mailing lists and identify security issues relevant to the code in the Timesys source code repository.

analyze cve state

2. Analyze

The Timesys Security Team then analyzes the state of the vulnerability (known vulnerability with available patch or update vs. known vulnerability with no fix available).

add security updates

3. Update and Patch

The Timesys Security Team adds available security updates and patches to the code in the Timesys source code repository, including meta-timesys-security.

Timesys’ Security Vulnerability Notification Service

Timesys’ Security Vulnerability Notification finds known security issues (CVEs) that are specific to your product. The notification includes the fixed and unfixed CVEs for the unique version of each software component built.

How It Works

get security notification

4. Get Notification

To determine if any security issues are known to affect your project in Timesys’ Yocto Project Café or Factory desktop development environment, you can pull notification by running a checkcves command.

You have the option to store your workorder(s) or manifest(s) in Timesys’ web development environment and get push notification for each.

Timesys’ Patch Notification Service

Timesys’ Patch Notification Service simplifies the process of finding and applying security updates and patches to your software. Our Patch Notification Service allows you to selectively apply fixes and remain in control of what gets updated.

How It Works

get security patch

5. Get Patch

You add or update the meta-timesys-security layer. (meta-timesys-security is where the TRST team continually adds available security updates and patches for the current and previous two Yocto versions.)

apply security patch

6. Apply Patch

You determine which CVEs you want to fix and configure your recipes (.bbappend) to selectively include the patches.

Related Security Resources

Timesys University Webinar Series
May 17 – July 12, 2018 | Sponsored by:

Reduce Risk with RISC:
Designing and Maintaining Secure Embedded Linux Devices with Advantech RISC Platforms

View Details

Timesys Security Video

Timesys' Patch Notification Service
 

Timesys Security Video

Timesys' Security Vulnerability and Patch Notification Service for Yocto

Timesys Security Video

Timesys' Security Vulnerability and Patch Notification Service for Factory

Timesys CVE Notification

View a Sample of Timesys' CVE Report

meta-timesys Yocto Layer

Try Timesys' Security ‘Pull’ Notification for Yocto

Additional Security Resources

Timesys Security Video

Secure Boot on i.MX 6Quad Powered Advantech DMS-BA16 Qseven Module

Want to learn more about Timesys’ Security Vulnerability and Patch Notification Service?

We’d be happy to answer your questions and provide you with more information about how Timesys solutions can make your developments more secure and up-to-date while helping reduce development time and lifecycle management costs. To contact us, simply fill out our online form, email us at sales@timesys.com or call us at 1.866.392.4897 (toll-free) or +1.412.232.3250.

Contact Us