Click here to view this message in a browser window.

Timesys embedded software development and security newsletter September 2021

Embedded Systems
A Timesys Deep Dive

May 2022


Cybersecurity in the news

Unpatched DNS bug affects millions of routers and IoT devices

According to Bleeping Computer: "A vulnerability in the domain name system (DNS) component of a popular C standard library that is present in a wide range of IoT products may put millions of devices at DNS poisoning attack risk. A threat actor can use DNS poisoning or DNS spoofing to redirect the victim to a malicious website hosted at an IP address on a server controlled by the attacker instead of the legitimate location."

Read the full article here:

Need more info on this vulnerability? Check it out here:


Want to stay ahead of threats? Lucky you: we launched the Timesys CVE Dashboard updated weekly with details on the dangerous security vulnerabilities that could be affecting your device.

Take me to the CVE Dashboard

IoT Security Simplified with VigiShield Secure by Design

Security, simplified.

In today’s heightened cyber threat environment, connected embedded systems for industrial controls, transportation, navigation, communications, aerospace, military applications, healthcare devices, logistics systems, and many others require uncompromising security at deployment and throughout their product lifecycles.

What’s the key to managing device security? Implement security early in its design.

With VigiShield Secure by Design, we can ensure your device is not running tampered software by verifying its authenticity before execution, protect IP and sensitive user information by encrypting data/software, help you determine how to update/deploy software securely and deny unauthorized software installs, and much more.

Avoid production delays by securing your software supply chain.

Avoid the rework and cost overruns that come with deploying security too late in design. Leverage detailed SBOMs and an end-to-end framework to ensure the integrity of your software supply chain.

For more information about what VigiShield Secure by Design can do, read our VigiShield Secure By Design for Yocto article in our blog library.


Learn More About VigiShield
Schedule a VigiShield Consultation



Introducing Vigiles Enterprise

Take advantage of our purpose-built vulnerability management tool, Vigiles.

This best-in-class vulnerability monitoring and remediation tool combines a curated CVE database, continuous security feed based on your SBOM, powerful filtering, and easy triage tools so you don’t get blindsided by vulnerabilities.

Single sign-on (SSO)
Companies that use identity management systems can leverage SSO and have employees sign in to Vigiles using their corporate identity. This facilitates easy provisioning of Vigiles to users. Vigles Enterprise (Beta) currently supports Azure AD as the Identity Provider (IdP) for SAML SSO.

Groups functionality
The Groups feature makes it easier for you to collaborate within teams (internal and external) while allowing you to restrict access on a need basis. The group structure is as follows:

  • Organization: the highest level of grouping; for example, the entire company (and/or external clients you work with)
  • Groups: the second highest level of grouping; for example, your division
  • Sub-Group: the third level of grouping; for example, your project/product team
  • Folders: Organize/manage SBOMs within folders; for example, a product release folder

Members of the organization can be added to multiple groups or subgroups based on the desired level of visibility and access.

Role-based access control
Vigiles Enterprise provides four different types of members/users:

  • Admin can manage Vigiles instance, organizations, and add/remove members to organization (+ all of maintainer permissions)
  • Maintainer can create/manage groups and add/remove members to groups (+ all of developer permissions)
  • Developer can upload/manage SBOM's and CVE reports, integrations (+ all of guest permissions)
  • Guest access to SBOMs and CVE reports


Compare Vigiles Free, Prime, and Enterprise


Get in touch to discuss Vigiles Enterprise

Learn with Timesys

Read up on embedded security with our two latest blogs

DM-Verity Without an Initramfs

Learn how you can implement file system verification on your embedded system without the use of an initramfs. This can significantly save boot time and storage requirements in many situations.

Read the blog



Securing U-Boot: A Guide to Mitigating Common Attack Vectors

Learn about ways in which you can protect and secure U-Boot implementations on your embedded systems. This involves signed FIT images, environment protections, and serial console disablement methods.

Read the blog

Upcoming Events

Conferences Around the World You Don't Want to Miss


NXP Tech Day Minneapolis

Global Training Program

June 2, Minneapolis, MN

Join us for an insightful presentation: 5 Things You Need to Know About Cybersecurity for Industrial Control Systems & Medical Devices: Mitigate Risk with Proactive Security Processes.

Register To Attend


Embedded Technology Convention USA 2022

Embedded Technologies & Systems Showcase

June 8-9, Las Vegas, NV

Join us at the Embedded Tech Convention with 5000 of our closest friends! Discover the latest technological innovations and trends, expand your industry knowledge and extend your global professional network.

Register To Attend


Embedded World 2022

Exhibition & Conference

June 21-23, Nuremberg

Will you be at Embedded World this year? We're excited to showcase our latest security solutions as a featured partner with our friends at STMicroelectronics. 

More Details


Embedded Linux
Conference (ELC) 2022

Even More Board Farm Goodness

June 21-24, Austin, Texas + Virtual

Join us for an update on work to create a standard API between automated tests and board farm hardware and software! Part of Open Source Summit, ELC is for companies and developers using Linux in embedded products. It gathers the technical experts working on embedded systems and applications for education and collaboration, paving the way for transformation in these important and far reaching areas.

Register To Attend


Security Vulnerability Management 101

Tool & Techniques to Monitor and Remediate Vulnerabilities in Your SBOM

June 30 @ 12 PM ET / 9 AM PT

In this monthly live webinar and Q&A session, you'll learn:

- Why you need to manage your open-source software risks 
- How to generate an accurate SBOM (Software Bills of Materials) and why it matters
- Tools and techniques to monitor and remediate vulnerabilities in your SBOM
- And much more!

Yes! I want to register for the live webinar and Q&A

Can't make it on June 30th? Reply to this email and we'll send you the event recording, or watch previous webinars here.

Timesys blog logo YouTube logo Linkedin logo Twitter logo  Facebook logo

Timesys, the Timesys logo, and Vigiles are trademarks or registered trademarks of Timesys Corporation. Linux is a registered trademark of Linus Torvalds in the United States and other countries. All other company and product names mentioned are trademarks and/or registered trademarks of their respective owners.

Copyright ©2022 Timesys Corporation
Our address is 1905 Blvd of the Allies, Pittsburgh, PA 15219, USA

If you do not wish to receive future Timesys Corporation email communications or would like to manage your communication preferences, click here.