
Timesys embedded software development and security newsletter September 2021

Embedded Systems
A Timesys Ghoulish Edition

October 2022

WHAT’S INSIDE:

Cybersecurity in the news

Critical Vulnerability Fix: OpenSSL version 3.0.7 to fix highest severity issue announced since 2014 

According to HelpNetSecurity: "The OpenSSL Project team has announced that, on November 1, 2022, they will release OpenSSL version 3.0.7, which will fix a critical vulnerability in the popular open-source cryptographic library (but does not affect OpenSSL versions before 3.0).

No details have been shared with the public about the vulnerability and, according to OpenSSL core team member Mark J. Cox, attackers are unlikely to ferret out the vulnerability before the fixed version is widely deployed. “Given the number of changes in 3.0 and the lack of any other context information, [attackers successfully scouring the commit history between 3.0 and the current version] is very highly unlikely,” he opined."

Read the full article here: https://www.helpnetsecurity.com/2022/10/26/openssl-3-0-7-vulnerability-critical-fix/

There are no CVE details on this vulnerability at this time. This is an early notification.

Want to stay ahead of threats? Lucky you: we launched the Timesys CVE Dashboard and update it weekly with details on the dangerous security vulnerabilities that could be affecting your device.

Take me to the CVE Dashboard

Conference Recap

Timesys Revealed 5 Tips for SBOM Management at 3rd Annual Medical Device & Diagnostic Cybersecurity Conference

At the 3rd Annual Medical Device and Diagnostic Cybersecurity Conference hosted for the first time in the United States, Timesys revealed "5 Tips for SBOM Management to Mitigate Medical Device Security Risks" and hosted a trivia round-table discussion on how to navigate the complexities surrounding SBOMs. 

If you missed out on how to assess trusted open-source software currently available and the best practices for creating a harmonized SBOM process, you can watch a replay of the presentation and even download bonus content below! 

Watch the Presentation & Download Bonus Content

New Features

Code Signing Key Protection Added to VigiShield 

Timesys is excited to announce that code signing key protection has been added as a new feature to VigiShield! With this new feature, the code signing key is stored on the hardware security module (HSM) and the build system requests signing using the PKCS#11 interface. Now with VigiShield Secure by Design, you can implement the core security features your device needs with an easy-to-understand, PSA-certified, maintainable Yocto security layer and a high level of security for your keys.

Feature benefits of code signing key protection include:

  • A high level of security for keys: keys are never exposed outside of the HSM, so you avoid leaving keys on unsecured developer laptops, ex-employees taking keys, and accidental, costly leaks of code signing keys.
  • Meets compliance requirements such as FIPS 140-2, Level 3
  • Simplifies and standardizes your signing process with a unified way of key management across all products

With VigiShield Secure by Design add-on services, Timesys also offers engineering services to help your team integrate this new feature into your custom signing solution or other third party and cloud-based solutions.

Check out other VigiShield Features
 

Embedded Board Farm New Feature

Sneak Peek: Hosted EBF Enables Internet Access for Anyone With Proper Credentials

Timesys is excited to provide a sneak peek into a new EBF feature: internet accessibility. Timesys has partnered with Lineo and select semiconductor vendors to offer Hosted Embedded Board Farm, powered by Timesys Embedded Board Farm and Test Automation solutions. The hosted feature allows anyone with proper credentials to access the hosted boards from anywhere over the internet without requiring a VPN setup.

Hosted Embedded Board Farm eases embedded development kit supply chain issues and improves the workflow for work-from-home developers and engineers.

Key Features:

  • Enables you to either self-host or have Timesys and their partners host development kits for pre-sales evaluation.
  • Allows early silicon access to selected customers in a very cost-effective manner, resulting in efficient management of alpha and beta releases.
  • Timeshare development kits in a secure fashion, alleviating the already constrained supply chain.
  • Train companies without spending resources on buying and maintaining labs.
  • Remote developers, field, and support engineers can work from home using the same workflow as the on-prem capabilities without requiring a VPN setup.
  • Allows field engineers to show demos, R&D to train field and support engineers, and more.
 
Learn More About our Test Automation and Remote Access Infrastructure

Timesys Vulnerability Management Survey

When's the Last Time You Got What You Really Wanted?

Make your dreams a reality. Your vulnerability management dreams. Help us out with your feedback and you can guide the roadmap for the vulnerability management features that make it faster to build and maintain secure products which let you sleep easier at night.

Plus, you could win a $50 gift card!

Take a short Timesys Survey for a chance to win $50

Learn with Timesys

Securing Build Infrastructure:
Code Signing Key Protection

How to use code signing techniques to avoid being hacked

Recently, there was a hack published for Hyundai’s Linux-based infotainment head unit. The device itself had implemented security features such as signed/authenticated and encrypted images. However, the encryption key was stored in the Linux build system (Yocto) setup script, and the script was inadvertently published as part of open source compliance. To make things worse, the code signing key used wasn’t unique, and the hacker was able to “google it” based on the public key. What are some ways of securing keys to avoid such scenarios? Find out in our newest blog:

Read the blog

Embedded Board Farm Solutions

The Brains Connecting to Your Device: Timesys ZOMBIES

How can you make your boards remotely accessible for collaborative software development, test automation, and debugging from anywhere in the world? 

The Timesys Embedded Board Farm (EBF) and Zombies, custom Timesys-developed hardware that can support up to 4 DUTs and be placed anywhere within your corporate network, offer a unique and immediate solution that bridges geographical gaps and adds your embedded products to your CI/CT process for higher quality and efficiency.

Learn more about EBF with this video

 

 

Vulnerability Management for Embedded

Tools & Techniques to Monitor and Remediate Vulnerabilities in Your SBOM

November 10 @ 12 PM EDT / 9 AM PT

In this monthly live webinar and Q&A session, you'll learn essential ways to avoid a five-figure mistake along with:

- Why you need to manage your open-source software risks
- How to generate an accurate SBOM (Software Bill of Materials) and why it matters
- Tools and techniques to monitor and remediate vulnerabilities in your SBOM
- And much more!

Yes! I want to register for the live webinar and Q&A

Can't make it on November 10th? Reply to this email and we'll send you the event recording, or watch previous webinars here.

www.timesys.com


Timesys, the Timesys logo, and Vigiles are trademarks or registered trademarks of Timesys Corporation. Linux is a registered trademark of Linus Torvalds in the United States and other countries. All other company and product names mentioned are trademarks and/or registered trademarks of their respective owners.

Copyright ©2022 Timesys Corporation
Our address is 1905 Blvd of the Allies, Pittsburgh, PA 15219, USA
