A No-Fee Linux CVE Scan from Wind River

By Chad Cox

Production Editor

Embedded Computing Design

June 07, 2023


Image Credit: Wind River

Alameda, California. Wind River released a no-fee professional-grade scanning tool to identify Common Vulnerabilities and Exposures (CVEs). The Wind River Studio Linux Security Scanning Service is designed for the distinct requirements of embedded Linux environments indicating when a fix or patch is available for a given CVE.

“In a highly connected and complex computing landscape where security exploitations are becoming more prevalent, the effective and proactive monitoring and management of CVEs is a top priority. In the rush to add new features, get to market faster, and achieve platform stability, CVEs often go inadequately addressed in the maintenance lifecycle,” said Amit Ronen, chief customer officer, Wind River.

Executing a software bill of materials (SBOM), or manifested in the scanner, the solution enables developers’ full examination of various platform levels including kernel, user space, libraries, and other system components. The subsequent data is then compared to prerequisite knowledge from a collection of data sources such as Yocto Project, NIST, and the Wind River database of CVEs, to identify vulnerabilities. The end-line results are placed according to the Common Vulnerability Scoring System (CVSS v3).

Ronen ends, “Leveraging our many years of Linux experience and expertise, Studio Linux Security Scanning Service helps developers quickly identify high-risk vulnerabilities, prioritize remediation efforts, and enhance the security of their Linux-based devices and systems.”

For more information and to conduct a free scan, visit www.windriver.com/services/linux/security-scanning.

Chad Cox. Production Editor, Embedded Computing Design, has responsibilities that include handling the news cycle, newsletters, social media, and advertising. Chad graduated from the University of Cincinnati with a B.A. in Cultural and Analytical Literature.

More from Chad