Software Vulnerability Monitoring and Remediation
Long Term Support Linux And Zephyr with CVE Monitoring, Reporting, and Remediation
Day after day, Common Vulnerabilities and Exposures (CVEs) threaten your devices deployed in the field. Managing your devices' board support package (BSP) for vulnerabilities by yourself is a full-time job: creating custom tools to scan, monitor, and report on the software bill of materials (SBOM) for your device, and dedicating engineers to port patches or upgrade software to address never-ending vulnerabilities. It's time-consuming and takes critical resources away from developing your core product. Leverage our Summit Suite Software Vulnerability Monitoring and Remediation solution for BSP security lifecycle management from start to end.
How It Works
We start with customized BSPs for our 60 Series SOM, Sentrius™ IG60, and Summit SOM 8M Plus. These BSPs are based on Yocto or Buildroot to generate Linux operating systems for application processors and Zephyr for microcontrollers. Our long-term support of these BSPs helps your team keep software up to date while stabilizing a product to get to market launch and maintain it in the field with minimal disruptions and retesting.
Next, we onboard your team and your SBOM into a shared workspace with our FAE / engineering teams in Vigiles Prime, a best-in-class vulnerability monitoring and reporting cloud-based software service provided by our partner Timesys. This helps us track what CVEs affect your software before launch as well as later in the field. Using the industry and government standard Common Vulnerability Scoring System (CVSS), we help you prioritize the most severe vulnerabilities. As your development progresses, we work with you to monitor, report, and triage CVEs found in your SBOM.
We work with you to triage and remediate CVEs related to your SBOM before and after your product goes to market, regularly meeting with your team on joint remediation or mitigation strategies. We then act on those strategies to provide an updated BSP release that addresses the CVEs. If a new QA cycle is required on our BSP and hardware platform combination, our QA team will get to work to ensure our product continues to have the features and functionality your team expects. Your team can continue to focus on adding value through your expertise and outsource the burden of retesting core BSP functionality.
We’re one partner with every needed capability, providing the device hardware, the optimized BSP, BSP vulnerability monitoring, and BSP vulnerability remediation and mitigation under one roof.
Long-term support BSPs with flexibility
New long-term BSPs every two years with four biannual updates to each new long-term BSP. Get longer security support windows or more frequent security updates with Summit Suite.
Industry-best CVE alerts, monitoring, and reporting
New common vulnerabilities are discovered week after week. Keep ahead of the ones affecting your SBOM, with severity highlighting and exportable reports for the rest of your organization.
Shared platform for your team and ours
A Vigiles Prime instance allows our teams to connect on identifying CVEs and enacting solutions. Automatically import your SBOM updates and get scans and reports with Vigiles Prime APIs.
Focus on what matters most - your core product
Monitoring for CVE remediation is a full-time job. Let us keep you ahead of the curve with industry-standard continuous monitoring using CVSS scoring and updated BSP releases.
Leverage our engineering and QA for BSP updates & testing
We work with you to identify the remediation strategies you need to preserve feature functionality. Our QA teams can coordinate testing to maintain core BSP compatibility.
Industry-leading support
Our Tier 2 and FAE support bring expert assistance, working with you and our engineering to reduce your time to market.
The Process Explained
Long-term Support BSP Roadmap
Every two years, we release new Linux and Zephyr long-term support (LTS) BSPs for partners using our hardware products. We do 4 standard releases on a 6-month cadence from each new Linux and Zephyr LTS BSP. These form the foundation of the long-term BSP security lifecycle. After the 4 standard releases from a Linux and Zephyr LTS BSP, it can be maintained for new security releases under the Summit Suite Vulnerability Monitoring and Remediation solution. If more frequent security releases are desired during the 4 standard release cycle, these security releases can also be done under the Summit Suite Vulnerability Monitoring and Remediation solution.
|Summit Yocto Linux+Zephyr BSP Releases||2022||2023||2024||2025||2026||2027|
|Release 4 – LTS Kernel, LTS Yocto, LTS Zephyr||4 R1||4 R2||4 R3||4 R4||Further Releases Summit Suite Only|
|Release 2 – 5.15 Kernel, Yocto Kirkstone, Zephyr 2.7||2 R1||2 R2||2 R3||2 R4||Further Releases Summit Suite Only|
|Summit Buildroot Linux BSP Releases||2022||2023||2024||2025||2026||2027|
|Release 12 - LTS Kernel and LTS Buildroot||12 R1||12 R2||12 R3||12 R4||Further Releases Summit Suite Only|
|Release 10 – 5.15 Kernel 2022.02 Buildroot||10 R1||10 R2||10 R3||10 R4||Further Releases Summit Suite Only|
Industry-leading CVE Monitoring and Reporting
Vigiles Prime provides web-based, easy-to-digest CVE reports with detailed information for every vulnerability in each software package in your SBOM. It displays the CVSS score, fixed version, and links to patches for fixes. Reports are exportable and shareable, and email alerts on newly discovered CVEs in your SBOM can be configured to be sent daily, weekly, or monthly. If you're regularly creating updated SBOMs for your product, these can be automatically uploaded into Vigiles Prime from your continuous integration and build process via Vigiles Prime's APIs.