With the increasing rate of information-security vulnerabilities and the unpredictability of discoveries, the manual process of keeping up with the newly discovered vulnerabilities for your device software is not feasible. Timesys helps reduce the time and costs associated with maintaining software security through its automated Security Notification and Update Management Service.
At core is Timesys’ Threats Response Security Team (TRST) — a team of embedded Linux engineers that constantly monitors security issues that impact open source software being used by Timesys customers and updates the Timesys CVE manager and repositories.
Discover and Identify – The Timesys Security Team utilizes a Timesys-built Common Vulnerabilities and Exposures (CVE) manager to gather information from nvd.nist.gov and security mailing lists to identify security issues relevant to the source code stored in the Timesys repository.
Analyze – The Timesys Security Team then analyzes the current state of the vulnerability to determine whether it is a known vulnerability with an available source code patch or update or a vulnerability for which there is currently no fix available within the original open source project.
Update and Patch – The Timesys Security Team adds all of the available security updates and patches to the code in the Timesys source code repository, runs verification tests to ensure the packages still build correctly and release the updates as part of the weekly Factory update cycle.
Notify – To determine if any security issues are known to affect their device / build, customers using Timesys’ Yocto Project Café or Factory desktop development environment can pull notification by running a check CVE command. Optionally, customers can store their workorder or manifest in Timesys’ web development environment and get push notification.
Eliminate the Time Spent Monitoring CVEs Yourself
With Timesys’ Security Notification, tracking relevant security vulnerabilities for your build is easy. You have access to on-demand notification that enables you to request a list of fixed CVEs as well as potentially unresolved security issues that are relevant for only the software components used in your particular configuration.
Integrate Updates and Patches with Confidence
With the Timesys Security Update service, it’s easy to apply updates and security patches into your software, and you remain in control of what gets updated.
Timesys provide everything needed to generate custom, open, embedded Linux or Android™ platforms for your devices. Timesys’ comprehensive portfolio of offerings enables your development team to customize a solution that meets your unique project requirements and fits within your budget. More details…
Find out more…
For more information on how LinuxLink can accelerate your embedded Linux development programs by 35% please complete the form below.