An embedded Linux device typically builds on tens to hundreds of open-source components - e.g. the Kernel, daemons, bootloaders, shell, crypto libraries etc. During the normal lifespan of a device, a multitude of cyber security related vulnerabilities are publicly discovered and registered for these components. In principle, depending on the nature of the device, any of these vulnerabilities could be damaging to the vendor’s business.
Analyze Linux devices and break down firmware into a structured list of community driven components (CPEs).
Cross examine CPEs against leading vulnerability databases (e.g. NIST NVD)
Notify potential findings (Common Vulnerabilities and Exposures - CVEs) to customers, and provide technical assistance in the threat assessment.
Assist in implementing recommended fixes and counter measures in the product firmware.
As the primary back office workload of the PCSI process is shared across multiple customers and systems - we can offer a very cost efficient solution.