NXP Solves Vulnerability Detection Challenge for Developers with New Automated Tool

According to VXCHNGE,  there will be 20.4 billion IoT devices by 2020. That is a staggering number, no doubt! But with this surge of IoT and connected products must come vigilance. Being connected and staying connected makes us vulnerable to hackers – elevating the need for product security.

Since monitoring for vulnerabilities can be an extremely labor-intensive and manual process, doing so often becomes an afterthought, which is dangerous amid the rapid rise of vulnerabilities in just the last two years alone. The Common Vulnerabilities and Exposures (CVE) database, which is operated by the U.S. National Institute of Standards and Technology (NIST), reveal hundreds of new vulnerabilities every week.

To address this challenge, NXP is now offering Vigiles™ Security Monitoring and Management Service—the first semiconductor company to offer this web-based tool that provides automated vulnerability monitoring for open source software components operating within the Yocto Linux® environment.

Powered by Timesys, Vigiles is a web-based tool that developers can run against their software build and scan against a comprehensive database of known vulnerabilities and fixes. The real secret behind the effectiveness of this tool is the database itself; a unique compilation from multiple sources, including NIST, Canonical and CERT, just to name a few. The Vigiles team is continuously monitoring for new vulnerability reports and fixes. A Vigiles scan results in a comprehensive report with all the known vulnerabilities that affect the developers’ software, while minimizing duplicate and “false positive” entries. This means developers can focus on fixing vulnerabilities that matter for much more efficient security maintenance.

In a nutshell, the Vigiles tool is designed to help the developer community ensure that their software is secure and up to date. The result is a significant reduction in cost, time and effort to manage security of products built with NXP’s i.MX applications processors as well as its networking and automotive processor lines. Ultimately, Vigiles helps developers bring more secure products to market faster.

The Impact of Vigiles: Different Use Cases, Different Industries.

Developers across a wide range of products and industries can benefit from using the Vigiles tool.  The following are just a few examples of who is already benefiting from the automated vulnerability management service.

• Medical Devices  ̶  A maker of innovative healthcare devices is using the Vigiles tool to ensure that their medical devices have the strongest possible security posture and that vulnerabilities affecting the products’ open source components do not put the well-being of patients at risk.
• Environmental Control Systems  ̶  A market-leading developer of HVAC and environmental systems controls is using Vigiles to rapidly mitigate security issues and protect their systems from remote cyber attacks and control-disruption exploits that would compromise system control and operation.
• Fuel Management Systems  ̶  One of the world’s most prominent developers of technologies for petroleum fuel distribution systems is using Vigiles to prevent the compromise of mission-critical requirements for safety controls by making sure that all known vulnerabilities affecting these systems are flagged and tracked and that patches and updates are applied on a timely basis.

No matter the industry or the product line, the Vigiles web-based tool can help streamline security maintenance for embedded systems using open source components.  In fact, early field testing of Vigiles continues to validate how it can significantly cut cost and time for vulnerability management, helping NXP customers bring more secure products to market faster.

For a free demo of Vigiles Prime or to start Vigiles Basic for free, visit: Vigiles.