Home / Linux / Security service tracks embedded Linux vulnerabilities

Security service tracks embedded Linux vulnerabilities

Timesys has launched a Vigiles security monitoring and management platform with CVE tracking for embedded Linux available as free software or as a subscription service.

Timesys Vigiles automates the identification, tracking, and analysis of vulnerabilities by comparing embedded Linux firmware with NIST’s daily Common Vulnerabilities and Exposures (CVE) notifications. The software helps customers focus on vulnerabilities that pose the biggest threats to a customer’s specific software components, thereby “eliminating the need to manually monitor and analyze thousands of vulnerabilities,” says Timesys.



Vigilis summary report screen
(click image to enlarge)

The Vigiles service is a counterpoint to the Threat Resistance Security Technology (TRST) Product Protection security solution that Timesys launched a year ago. Whereas TRST offers some CVE tracking, it’s primarily designed to reduce the attack surface of products and otherwise harden devices against malware attacks. The Vigiles service offers more extensive CVE-based tracking of vulnerabilities and supplies triage and mitigation collaboration tools.

The announcement does not specify Linux, but there are several references to tracking CVEs common to Yocto Project device stacks. Timesys is known for its free, Yocto Project based LinuxLink development platform and Yocto-focused TimeStorm IDE.



Vigilis service plans
(click image to enlarge)

The free Basic version of Vigiles offers vulnerability monitoring for a single component list. Vigiles Plus, meanwhile, adds support for unlimited component lists. It also provides vulnerability management workspace “with collaboration tools for vulnerability analysis, triage and mitigation, advanced filtering based on CVE severity, detailed notifications, and advanced reporting tools,” says Timesys.

The high-end Vigiles Prime service adds Patch Notification features for the Linux Kernel. It automatically generates recommended fixes based on identified CVEs specific to product components, “augmented by detailed version analysis and tracking across all branches.”

 
Further information

Timesys Vigilis Basic is available for free download, and the Vigilis Plus and Prime services are available at the prices listed in the chart above. More information may be found in Timesys’ Vigilis announcement and product page.
 

Loading...

>> Source Link

Check Also

Earn your TEFL certification and unlock a world of possibilities

The AAPicks team writes about things we think you’ll like, and we may see a …

%d bloggers like this: