Offloading BSP maintenance frees development teams to accelerate time-to-market for new devices, build richer feature-sets for more competitive products
PITTSBURGH, PA / ACCESSWIRE / May 29, 2020 / Timesys Corporation (https://www.timesys.com), an industry pioneer and a leading provider of embedded, open-source software, engineering services, and security solutions, today announced a new collaboration with NXP® Semiconductors to jointly offer a turnkey BSP Lifecycle Maintenance Service for embedded Linux that offloads updates and security tasks for embedded system device developers.
BSP (Board Support Package) maintenance is typically a largely manual, complex process that consumes development team time and attention, especially when using Yocto Project BSPs. But if BSPs are not maintained consistently, embedded system products will be exposed to vulnerabilities and exploits and will not contain the most up-to-date software.
With the BSP Lifecycle Maintenance Service, a development organization can offload the software maintenance tasks that typically consume an entire team’s capacity: monitoring and triaging vulnerabilities, and updating and patching software to improve security. Instead, teams can now focus on accelerating new product development for faster time-to-market.
“Security of your devices can no longer be ensured by scheduling a single review to be performed at the end of your device development,” said Atul Bansal, CEO of Timesys. “Instead, you need to ensure that your BSP software components are based on up-to-date versions, that they include all relevant security patches, and that you are accurately tracking all vulnerabilities that affect them. Our BSP maintenance service makes this simple and turnkey for your team. It means you can make security ‘stretch right’ in the software development lifecycle process, maintaining strong product security after release and throughout the product production lifetime.”
The NXP BSP Lifecycle Maintenance service will be featured in a June 2 webinar hosted by NXP and Timesys: Full Life Cycle Security Maintenance of Embedded Linux BSPs
The service, offered in conjunction with Timesys, provides:
- Complete BSP major software release updates on the development team’s desired cadence, typically twice per year.
- A subscription to NXP Vigiles Prime, the top tier of the Vigiles Security Vulnerability Monitoring & Management Service, which is optimized for embedded systems and includes Software Composition Analysis (SCA) and powerful vulnerability mitigation tools.
- Minor kernel version updates when needed for security or bug fixes, to maintain embedded Linux security for devices.
- Userspace security patching and package updates, through simple integration of the meta-timesys-security Yocto metalayer.
- Targeted updates of only desired components.
- Validation and testing of software on device hardware maintained in Timesys’ Board Farm.
- One on-demand emergency security fix per year in the event of a critical security problem.
“NXP recognizes that development teams using our i.MX and Layerscape® processors want to bring products to market and maintain the software in the most efficient way possible,” said Rob Oshana, vice president of software engineering in the edge processing business at NXP. “The BSP Lifecycle Maintenance Service offered in conjunction with Timesys enables embedded system products to stay up-to-date throughout their product lifecycles without eating into new product development cycles.”
More than 300 new vulnerabilities affecting software systems are disclosed every week by services such as the National Vulnerability Database (NVD), which reports Common Vulnerabilities and Exposures (CVEs).
The included Vigiles Prime service will analyze BSP software to automatically generate a Software Bill of Materials (SBOM) for Yocto, Buildroot, and Timesys Factory projects. The service then filters the many CVEs, identifying those that affect a specific product’s open-source components. Vigiles also provides developer team collaboration tools that simplify analyzing, tracking, and mitigating CVEs, enabling products that are more secure by design and that stay secure after release.
Vigiles filters CVEs based on a project’s Linux kernel configuration and U-Boot configuration, which eliminates CVEs tied to features that are not in use. This reduces CVE investigation and triage tasks by 75 percent on average, based on usage data compiled by Timesys.
The security maintenance tools and BSP update monitoring, management and testing automate key steps in software maintenance, enabling device developers to reduce the overall risk of security problems for their product lines. Developers gain a more accurate understanding of a device’s exposure to vulnerabilities and they can accelerate vulnerability mitigation to cut the risk of a customer security breach.
Timesys is a pioneer and industry leader in open source software security, development tools, and engineering services spanning the embedded software market. With Timesys’ expertise, OEMs, ODMs, and design houses cut development costs and accelerate time-to-market for BSPs and devices, HMI / UX, security, and IoT systems and applications using embedded Linux, Android, FreeRTOS and other open source solutions. Timesys offers a complete end-to-end device security solution enabling developers to implement security early in the design and to maintain strong security throughout product lifecycles with Vigiles, an on-demand vulnerability monitoring and management service. Representing more than 20 years of embedded development experience, Timesys’ broad portfolio, embedded expertise, and extensive partner ecosystem are used by 1000+ projects to develop leading products and applications including medical, industrial, networking, aerospace, and consumer solutions. For more information, visit www.timesys.com. Find Timesys on YouTube, Twitter, LinkedIn, and Facebook.