Vulnerability Monitoring and Management for Open Source:
Cutting Through the CVE Storm
In April 2018, the CVE list surpassed 100,000 entries.* With tens of thousands of Common Vulnerabilities and Exposures (CVEs) discovered every year, keeping up with embedded software security can be overwhelming. It’s easy to get lost in a sea of vulnerabilities larger than any one person or team could feasibly sort through on their own. But ignoring vulnerabilities or hoping they don’t apply is not an option. No matter which industry your product is in — whether it’s medical, transportation, IIoT or other — maintaining the security posture of your embedded device throughout its lifespan has never been more important.
By continuously monitoring and updating your customized software, you can minimize security threats throughout its lifecycle. But do you and your team have the time and budget to take on the task of monitoring and managing vulnerabilities yourself? Timesys’ TRST (Threat Resistance Security Technology) Product Protection Solutions include our Security Vulnerability and Patch Notification Service which is designed to help you reduce the time and cost you devote to security.
The Timesys Security Vulnerability Notification service alerts you to only the vulnerabilities that are relevant to your specific software configuration. The CVE report you receive provides you with severity scores and links to detailed information about the relevant vulnerabilities.
The Timesys Patch Notification service provides you with the vulnerabilities’ status information as well as links to the fixes. And when it comes to applying the security patches into your software, you can selectively apply the fixes, enabling you to remain confidently in control of what gets updated.
To help you easily manage your notifications, Timesys’ Security Vulnerability and Patch Notification Service includes accesses to your personal online Security Notification Management dashboard — where you can view the CVE reports and CVE history for all of your software configurations.
Fill out the form to schedule a personal review of how TRST can help your products stay secure.
Want to talk to us about how your products can be more secure?
Just fill out the form below or send an email to firstname.lastname@example.org, and we will be in touch within one business day to schedule a personalized call.
* Denotes required field.
In April 2018, the CVE list surpassed 100,000 entries.*
Timesys Security Vulnerability and Patch Notification Service
We can’t make the vulnerability storm go away. But we can make weathering the storm a lot easier by helping you stay secure.
No work for you
Because the TRST team maintains the Timesys CVE manager database for you, the amount of time spent having to monitor CVEs yourself is eliminated.
Filter out the noise
You receive notification of vulnerabilities relevant to only your open source software, which means less information you need to sort through.
Get notification when you want it
You decide how you want to receive notification, enabling you to get it when you need it.
Access CVE details easily
Whether via command-line or web, you can access detailed information about a known CVE via the direct links provided.
Always know what is affected
You can subscribe to Notification for each and every build.
Track changes conveniently
The report history for all configurations is available in one place, making it quick and easy to see what’s changed — newly discovered CVEs and fixed CVEs.
Locate fixes easily
You can add or update the meta-timesys-security layer, where the TRST team has added available updates and patches.
Remain in control
With Timesys’ Patch Notification service, you can selectively apply patches … so you decide what gets updated.
Related Security Resources
Timesys Security Blog
Managing vulnerabilities: Understanding patch notifications and fixing CVEs
Timesys Security Video
Timesys Security Vulnerability and
Patch Notification Service for Yocto
Timesys Security Video