Overview IoT devices incorporate keys / certificates for various use cases such as: authenticating to a cloud service, establishing secure network connections, securing Over-The-Air firmware update images etc. There are multiple software and hardware based solutions...
Open Source Embedded Software Development and Security Blog
IoT security simplified with PSA Certified VigiShield
From customer expectations to cybersecurity regulations, the demand for security assurance of devices has never been greater. Yet device manufacturers find it challenging to secure Linux devices. Establishing a secure Linux platform requires deep expertise and time...
VigiShield Secure By Design for Yocto
Overview The Yocto Project is a popular choice for creating custom Linux distributions for IoT devices. When creating a custom Linux distribution one of the key challenges faced by device manufacturers is the time and expertise required to secure the distribution....
Yocto Security: Automating compliance using OpenSCAP
The Security Content Automation Protocol (SCAP) is a method of using certain interoperable security standards to automate evaluating policy compliance of deployed systems. In order to scan a system for compliance or vulnerabilities, there are two components involved:...
Embedded World Highlights: Build it faster & with stronger security
Security is becoming a critical differentiator in embedded system products across a wide range of applications.
And the tools are now available to ensure products can be more secure without sacrificing time-to-market and, in some cases, even accelerating development.
Those are key takeaways from this year’s Embedded World Exhibition and Conference that took place in Germany last week.
Build it fast, and build it secure: see the latest at Embedded World
The world of embedded systems has gone through a massive transformation in recent years.
The rise of smart devices, the Internet of Things, mobile computing platforms, connected devices and a range of other innovations have driven embedded system deployments through the roof. Industry observers estimate IoT deployments alone account for 23 billion device deployments in 2018, up from 15 million in 2015. And that number is projected to triple in the next six years.
Tracking and Maintaining the Security of Embedded Systems
The deployment modes and functionality of embedded systems have evolved rapidly in recent years, thanks to widespread connectivity of Internet of Things devices and associated systems.
Yet the common security practices for most embedded systems remain largely unchanged from the days when they were isolated, air-gapped systems.
The shortfall in embedded system security is leading to sharply escalating risk of cyberbreaches. The trend …
The Risks of a ‘Stale, Abandoned’ Product
Some product management decisions are hard. Product managers are constantly weighing trade-offs among time-to-market, functionality, competitive differentiation, development costs and other factors.
But some product decisions seem like no-brainers. Would you bring an IT product to market that puts customers at significantly increased risk of security breaches, privacy violations, potentially massive fines and lawsuits?
“Of course not. That would be lunacy,” you can imagine the typical product manager as saying. Yet companies are shipping products every day that introduce this sort of …
Who is attacking IoT? What do they want?
The motivation of hackers sometimes can be plain as day. Other times, not so much.
As attacks on Internet of Things (IoT) devices and deployments escalate, it is important to understand what these attackers are trying to accomplish. Understanding these motives, after all, can help us to pinpoint why a security vulnerability represents a risk, to prioritize mitigation and defenses, and to focus responses to attacks.
This analysis is especially important if you provide products and platforms to companies deploying IoT …
Progress toward IoT security … a little less conversation, a little more action please
Research, reporting and commentary about Internet of Things security has made a flurry of technology headlines over the past several years. And industry observers are commenting that IoT security may finally be gaining the attention it deserves among technology decision makers.
So will 2019 be a milestone year for IoT security?
Or will more IoT security failures lead to more industry regulation, more vendor criticism and more conversation, not enough action?
‘Be Secure or Be Fined’ … 2018’s major milestones in IoT and embedded system security
As 2018 draws to a close, we’ve seen a landmark year in cybersecurity for embedded systems and the Internet of Things (IoT), marked by escalating threats, new regulation, and broader attacks.
Here’s a look back at three important IT security milestones in 2018 and a look forward with some predictions for 2019 and beyond.
2018: Year of Record Vulnerabilities
With a few days remaining in the year, the number of …
Will more embedded device makers fix security before massive fines force them to do it?
Security of smart devices is getting worse, says a penetration testing expert, who blames suppliers of connected devices that ignore security and privacy issue notifications.
Is the answer more security regulations and laws, or is it better product strategy?
Patch management for better embedded system security
Patch management remains a major headache for enterprises, according to researchers and security experts. With reported security vulnerabilities now climbing into the tens of thousands each year, busy IT departments struggle to identify and analyze the vulnerabilities that apply to their systems, and to manage all the patching needed to mitigate risks.
And the Internet of Things (IoT) poses even greater challenges for patch management.
Monitoring and managing vulnerabilities for embedded systems built with Yocto
The Yocto Project is well known for enabling product developers to quickly and easily customize Linux for Internet of Things (IoT) devices and other embedded systems. But today’s environment is marked by heightened security concerns, skyrocketing vulnerability reports, and high-profile security breaches.
Getting your embedded system product to market fast is important. But getting to market fast without a secure design and a plan for managing future vulnerabilities is a huge mistake.