Timesys Security Vulnerability and Patch Notification significantly reduces the time and costs associated with maintaining software security — our customers have proven ROI.
The Vulnerability Notification enables you to stay secure by generating on-demand pull notification or receiving automatic push notification of known vulnerabilities relevant to your open source embedded Linux software. It includes the fixed and unfixed CVEs for the unique version of each software component built as well as CPU/Architecture CVEs.
The Patch Notification simplifies the process of finding and applying security updates and patches to your software. It includes links to the fixes and allows you to selectively apply them.
Timesys Security Vulnerability and Patch Notification is available for STMicroelectronics STM32MP1 series MPUs. It is available for Yocto Project and Timesys Factory builds, and for desktop and web.
- Pull notifications for current vulnerabilities
- Minimized false results
- Ability to subscribe to push notification
- Tracking of affected issues and CVE status changes for each build
- Reporting of fixed/patched CVEs within your software BOM
- Ability to create and use CVE whitelists
- Separate patch layer for easy integration
- Ability to subscribe to multiple software configurations
- Ability to view online reports (charts of overall counts, CVEs by severity, status)
- Categorized reports — kernel, libraries, CPU, whitelists
- Various report download formats
- Support for Yocto Project
- … and more
To try Timesys Security ‘Pull’ Notification for Yocto, visit https://github.com/TimesysGit/meta-timesys/tree/rocko#what-is-meta-timesys