LinuxLink Login   |   1.866.392.4897 |    |  Contact Us          

TRST Stay Secure: Timesys Security Vulnerability and Patch Notification

Security notification tailored to your software platform + Patch/upgrade = Peace of mind

With the increasing rate of information-security vulnerabilities and the unpredictability of discoveries, the manual process of keeping up with newly discovered vulnerabilities for your device software is not feasible. Timesys helps reduce the time and costs associated with maintaining software security through its automated Security Vulnerability and Patch Notification.

How Timesys Security Vulnerability and Patch Notification Works

Timesys help you stay secure

Timesys TRST Team

At the core is our TRST team of embedded Linux engineers that constantly monitors security issues that impact open source software being used by Timesys customers, and updates the Timesys CVE manager and repositories.

How It Works

discover and identify vulnerabilities

1. Discover and Identify

The Timesys TRST Team utilizes a Timesys-built Common Vulnerabilities and Exposures (CVE) manager to gather information from and security mailing lists and identify security issues relevant to the code in the Timesys source code repository.

analyze cve state

2. Analyze

The Timesys TRST Team then analyzes the state of the vulnerability (known vulnerability with available patch or update vs. known vulnerability with no fix available).

Timesys Security Vulnerability Notification

Timesys Security Vulnerability Notification finds known security issues (CVEs) that are specific to your product. The notification includes the fixed and unfixed CVEs for the unique version of each software component built.

How It Works

get security notification

3. Get Notification

To determine if any security issues are known to affect your project in Timesys’ Yocto Project Café or Factory desktop development environment, you can pull notification by running a checkcves command.

You you can upload your software component list to Timesys’ LinuxLink portal and get push notification for each.


4. Triage

Triage a CVE by collaborating with other members of your team. You can also ignore a CVE by adding it to the whitelist.

Timesys Patch Notification

Timesys Patch Notification simplifies the process of finding and applying security updates and patches to your software. Our Patch Notification allows you to selectively apply fixes and remain in control of what gets updated.

How It Works

apply security patch

5. Patch

You are notified of the minimum kernel version and provided with the link to the associated patch for each kernel CVE. You determine which CVEs you want to fix and selectively apply the patches.

Timesys Security Vulnerability and Patch Notification

We can’t stop the security threats from coming. But we can help you stay secure with tools for managing vulnerabilities in your open source embedded software.

No work for you

Because the TRST team maintains the Timesys CVE manager database for you, the amount of time spent having to monitor CVEs yourself is eliminated.

Filter out the noise

You receive notification of vulnerabilities relevant to only your open source software, which means less information you need to sort through.

Get notification when you want it

You decide how you want to receive notification, enabling you to get it when you need it.

Access CVE details easily

Whether via command-line or web, you can access detailed information about a known CVE via the direct links provided.

Always know what is affected

You can subscribe to Notification for each and every build.

Track changes conveniently

The report history for all configurations is available in one place, making it quick and easy to see what’s changed — newly discovered CVEs and fixed CVEs.

Locate fixes easily

You can add or update the meta-timesys-security layer, where the TRST team has added available updates and patches.

Remain in control

With the Timesys Patch Notification service, you can selectively apply patches … so you decide what gets updated.

Want to learn more about Timesys Security Vulnerability and Patch Notification?

We’d be happy to answer your questions and provide you with more information about how Timesys TRST Product Protection Solutions can make your developments more secure and up-to-date while helping you reduce development time and lifecycle management costs. To contact us, simply fill out our online form, email us at or call us at 1.866.392.4897 (toll-free) or +1.412.232.3250.

Contact Us

Related Resources

documentation icon

Timesys Datasheet

Timesys Security Vulnerability and Patch Notification

documentation icon

Timesys CVE Notification

View a Sample Timesys CVE Report

try meta-timesys security notification for Yocto

meta-timesys Yocto Layer

Try Timesys Security ‘Pull’ Notification for Yocto

Timesys University Webinar Series | Sponsored by:

Reduce Risk with RISC:
Designing and Maintaining Secure Embedded Linux Devices with Advantech RISC Platforms

View Details

Timesys Security Video

Timesys Security Vulnerability and
Patch Notification Service for Yocto

Timesys Security Video

Timesys Security Vulnerability and
Patch Notification Service for Factory

Additional Security Resources

Timesys Security Video

Secure Boot on i.MX 6Quad Powered Advantech DMS-BA16 Qseven Module

Timesys Security Video

Secure Firmware Update Using SWUpdate

Timesys Security Blog

Secure boot on Snapdragon 410