Embedded Systems Deep Dive | Vigiles CVSS and policy alerts

Embedded Systems
A Timesys Deep Dive

May 2021

WHAT’S INSIDE:

Cybersecurity in the News: Pres. Biden’s new Executive Order
Case study: Medical Device Manufacturer brings secure product to market with 70% cost savings
Improve vulnerability management efficiency with Vigiles + Black Duck
New Vigiles features: CVSS & policy alerts
New TimeStorm IDE releases enable secure IoT and Yocto-based applications
CVEs you need to know about

Secure By Design NXP Series Webinar On-Demand
Secure Software Updates: Designing OTA Updates for secure embedded Linux systems

DETAILS / WATCH

Cybersecurity in the news

Linux and Open-Source Communities Rise to Biden’s Cybersecurity Challenge

President Biden issued an Executive Order to bolster cybersecurity in the federal government and beyond. Open-source software is specifically named in the EO. Will you be ready to comply with the new guidelines?

Timesys can help get you there. Get best-in-class vulnerability monitoring & management with Vigiles.

GET STARTED WITH VIGILES NOW

Case study: Infection control company collaborates with Timesys to bring medical product to market with 70% cost savings

READ THE FULL CASE STUDY

Vigiles + Black Duck = improved efficiency and productivity for OS & app security

How much time could you save with 85% fewer CVEs to analyze? Learn how Black Duck & Vigiles work in tandem to drastically reduce your workload while optimizing your security solution with function-specific tools.

DOWNLOAD THE ONE-PAGER

Vigiles Prime new feature: Automatic alerts for non-authorized license type and for CVEs exceeding CVSS score threshold

Timesys has added the ability to add CVSS and Licensing alerts to Vigiles, assisting you with policy management.

Vigiles CVSS Alerts help ensure that developers do not introduce packages with high/critical CVEs into your product software.

The Vigiles License Alerts let you identify/flag license violations with the company policy, such as a package with an unapproved license being installed on target device, helping your team stay in compliance with policy enforcement.

You can choose to receive notification of CVSS and License alerts via email or to have an issue created in Jira.

Find more information about the new features in the Vigiles Changelog.

VIEW THE VIGILES CHANGELOG

Only available with Vigiles Prime.

START VIGILES PRIME FREE 30-DAY TRIAL

Latest TimeStorm IDE Releases Further Enable Efficient Development of Secure IoT and Yocto-based embedded Linux applications

Timesys recently released TimeStorm 5.5.0 — a new release based on Eclipse Project 2020-09. In addition to updating to the Eclipse Project 2020-09 baseline, this release includes the following:

Added Java 11 support
Added LTTng UST for running UST (User Space Tracer) on remote targets
Added support for remote debugging of C/C++ and Python for Debian OS running on hardware target
Fixed Linked Resources issue for C/C++ Projects
Fixed miscellaneous compiler settings swapped between C and C++ issue

We’ve also released version 5.4.1 with above features — a maintenance release based on Eclipse Project 5.4.0.

Existing TimeStorm users can access these latest releases and documentation from within the LinuxLink portal.

LEARN MORE

TRY TIMESTORM FREE

Vigiles Alert: Linux CVEs you need to know about

Sign up or sign in to view CVE information in Vigiles.

CVE-2020-32399 — Linux kernel vulnerability
Problem Type: Race Condition
CVSSv3 Score: 7.0 (High)
Description: net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.

CVE-2020-32020 — FreeRTOS kernel
Problem Type: Buffer Overflow
CVSSv3 Score: 9.8 (Critical)
Description: The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insufficient bounds checking during management of heap memory.

CVE-2019-27097
Problem Type: Insufficient Information
CVSSv3 Score: 7.8 (High)
Description: The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT.

Run a Vigiles scan to see if your system is exposed. Don’t have a Vigiles account? Register now to try it free.

GET STARTED WITH VIGILES NOW

www.timesys.com

Timesys, the Timesys logo, Vigiles and TimeStorm are trademarks or registered trademarks of Timesys Corporation. Linux is a registered trademark of Linus Torvalds in the United States and other countries. All other company and product names mentioned are trademarks and/or registered trademarks of their respective owners.