Open Source Embedded Software Development and Security Blog

FreeRTOS SBOM Generation and CVE Scanning

Understanding the Importance of CVE Scanning with SBOMs

Scanning your open source software for CVEs (Common Vulnerabilities and Exposures) is a very important maintenance step for any software project.

An Introduction to CVE Scanning and SBOMs

Generally, these...

Securing your Linux Configuration (Kernel Hardening)

This article discusses the process by which your kernel’s configuration can be strengthened to protect against common security exploits. This is sometimes referred to as hardening, or specifically in this context, kernel configuration hardening.

A Linux kernel configuration is a file that defines all of the enabled (or disabled) options which are compiled into your kernel. If you have not seen one before, they generally reside in …

Discretionary Access Control (DAC) Hardening

Discretionary Access Control hardening can further improve your embedded system’s security by limiting userspace access to proprietary intellectual property, exploitable binaries, and privileged information. The example permissions shown here are defaults produced during a demonstration Yocto build.

In Linux, a file has the following relevant parameters (when listing a file with the “ls” command):
 
