Wind River, a global enabler in delivering software for mission-critical intelligent systems, has introduced Wind River Studio Linux Security Scanning Service.
The service, currently available at no charge, provides professional-grade scanning to identify Common Vulnerabilities and Exposures (CVEs). Tuned to the needs of embedded Linux development, it also indicates whether a remediation is already available for a given CVE, including fixes and patches available from Wind River.
“In a highly connected and complex computing landscape where security exploitations are becoming more prevalent, the effective and proactive monitoring and management of CVEs is a top priority. In the rush to add new features, get to market faster, and achieve platform stability, CVEs often go inadequately addressed in the maintenance lifecycle,” said Amit Ronen, chief customer officer, Wind River. “Leveraging our many years of Linux experience and expertise, Studio Linux Security Scanning Service helps developers quickly identify high-risk vulnerabilities, prioritize remediation efforts, and enhance the security of their Linux-based devices and systems.”
Once a developer submits a software bill of materials (SBOM) or manifest to the scanner, it analyzes the specific platform layers listed there, including the kernel, user space, libraries, and other system components, and compares them against an extensive knowledge base to identify critical vulnerabilities. The scanner can also display the licenses used by the platform’s packages to assist with artifact generation and compliance requirements. The resulting list of identified vulnerabilities is ranked according to the Common Vulnerability Scoring System (CVSS v3).
The service leverages a knowledge base that has been developed from a curated collection of data sources, including the Yocto Project, NIST, and the Wind River database of CVEs.
Organizations looking to take the next step to address CVEs can contact Wind River to develop a mitigation plan. Wind River experts can engage with teams to rapidly identify and prioritize CVEs based on the severity and the exploitability of each vulnerability identified, assess the time and effort needed to secure the Linux platform, and develop the path to mitigation and remediation.