Knowledge is power.
And knowledge of vulnerabilities affecting your products gives you the power to make them more secure.
That’s why our new Vigiles vulnerability monitoring and management service incorporates the industry’s first Targeted Vulnerability & Mitigation Tracker that pinpoints vulnerabilities affecting your specific products.
Vigiles will actively sift through thousands of reported vulnerabilities and automatically identify, monitor and track those that affect your actual product configurations and components, across all branches and versions.
This is a huge time-saver for companies that make it a priority to deliver secure products to market.
The security management knowledge produced by Vigiles’ vulnerability monitoring is captured in the Vigiles CVE Dashboard.
Vigiles brings Vigilance
Vigiles is named after the famed watchmen who vigilantly guarded ancient Rome.
We think the description is a perfect fit for our vulnerability management service because it too constantly watches and identifies risks, in this case those affecting your embedded system security.
The Vigiles CVE Dashboard is intuitive and simple to navigate while offering the ability to understand both the big picture and the detailed impact of vulnerabilities on your software components.
Once you have loaded a software manifest of the product to be monitored, Vigiles sets to work parsing through reported vulnerabilities to correlate them with the contents of your product. The results of the latest scan appear in the CVE Dashboard.
The Summary section of the dashboard (Figure 1) shows you the big picture status of your product security. It allows you to see the aggregate counts of fixed and unfixed CVEs and understand the status of CVEs of different severities.
Figure 1: Summary section of the Timesys Vigiles CVE Dashboard
This “at-a-glance” level of data is critical for understanding the overall security status of this product and for you to prioritize mitigation efforts.
Diving deeper, the Unfixed CVE section of the dashboard shows you the specific CVEs that have been reported as affecting the indicated packages and versions based on your loaded manifest.
CVEs are divided into RFS, Kernel, and Toolchain tabs (Figure 2) to make review easier and for simpler mitigation planning for the different types of components.
Figure 2: Summary section of the Timesys Vigiles CVE Dashboard
You can click on the CVE link to be taken directly to the CVE report in the Common Vulnerabilities & Exposures (CVE) database maintained by the US National Institute of Standards and Technology (NIST). There you can do an even deeper dive on the details and risks posed by that vulnerability.
The dashboard also indicates the severity of the CVE and the primary vector by which the vulnerability may be open to an exploit. Both of these pieces of information are essential for effective vulnerability triage and security management.
For example, that knowledge enables you to prioritize mitigation of high severity vulnerabilities that involve a vector that will be exposed in your particular product, depending on its configuration and deployment mode.
Vigiles Plus: Mitigation Tools
Vigiles Basic, the free version of our new service, includes the powerful CVE monitoring and analysis tools in the dashboard mentioned above.
Vigiles Plus adds security management workspace to the dashboard featuring collaboration tools that enable team members to comment, annotate, triage and plan for mitigation of vulnerabilities.
The enhanced monitoring and mitigation tools in Vigiles Plus include whitelisting of known CVEs, filtering by severity score, push notifications, and advanced reporting features.
In this way, the dashboard becomes the centerpiece of your security management process for products in development and in production after release.
In the end, the knowledge provided by Vigiles will give you the power to develop and maintain more secure products.
Timesys has extensive experience with embedded system development and lifecycle management. Timesys has been instrumental in working with global leader semiconductor manufacturers with smart, quick and quality solutions for highly complex systems with accelerated product innovation and multiple product variants.