VXCHNGE, there will be 20.4 billion IoT devices by 2020. That is a staggering
number, no doubt! But with this surge of IoT and connected products must come
vigilance. Being connected and staying connected makes us vulnerable to
hackers – elevating the need for product security.
Since monitoring for vulnerabilities can be an extremely labor-intensive and
manual process, doing so often becomes an afterthought, which is dangerous
amid the rapid rise of vulnerabilities in just the last two years alone. The
Common Vulnerabilities & Exposures (CVE) database, which is operated by
the U.S. National Institute of Standards and Technology (NIST), reveal
hundreds of new vulnerabilities every week.
To address this challenge, NXP is now offering
Vigiles™ Security Monitoring and Management Service—the first semiconductor company to offer this web-based tool that
provides automated vulnerability monitoring for open source software
components operating within the Yocto Linux® environment.
Powered by Timesys, Vigiles is a web-based tool that developers can run
against their software build and scan against a comprehensive database of
known vulnerabilities and fixes. The real secret behind the effectiveness of
this tool is the database itself; a unique compilation from multiple sources,
including NIST, Canonical and CERT, just to name a few. The Vigiles team is
continuously monitoring for new vulnerability reports and fixes. A Vigiles
scan results in a comprehensive report with all the known vulnerabilities that
affect the developers’ software, while minimizing duplicate and
“false positive” entries. This means developers can focus on
fixing vulnerabilities that matter for much more efficient security
In a nutshell, the Vigiles tool is designed to help the developer community
ensure that their software is secure and up to date. The result is a
significant reduction in cost, time and effort to manage security of products
built with NXP’s i.MX applications processors as well as its networking
and automotive processor lines. Ultimately, Vigiles helps developers bring
more secure products to market faster.
The Impact of Vigiles: Different Use Cases, Different Industries.
Developers across a wide range of products and industries can benefit from
using the Vigiles tool. The following are just a few examples of who is
already benefiting from the automated vulnerability management service.
Medical Devices ̶ A maker of innovative
healthcare devices is using the Vigiles tool to ensure that their medical
devices have the strongest possible security posture and that
vulnerabilities affecting the products’ open source components do not
put the well-being of patients at risk.
Environmental Control Systems ̶ A
market-leading developer of HVAC and environmental systems controls is using
Vigiles to rapidly mitigate security issues and protect their systems from
remote cyber attacks and control-disruption exploits that would compromise
system control and operation.
Fuel Management Systems ̶ One of the
world’s most prominent developers of technologies for petroleum fuel
distribution systems is using Vigiles to prevent the compromise of
mission-critical requirements for safety controls by making sure that all
known vulnerabilities affecting these systems are flagged and tracked and
that patches and updates are applied on a timely basis.
No matter the industry or the product line, the Vigiles web-based tool can
help streamline security maintenance for embedded systems using open source
components. In fact, early field testing of Vigiles continues to
validate how it can significantly cut cost and time for vulnerability
management, helping NXP customers bring more secure products to market faster.
For a free demo of Vigiles Prime or to start Vigiles Basic for free, visit: