
Outdated and therefore insecure software components in industrial products or critical infrastructure are one of the greatest risk factors for cyber attacks. Standards such as IEC 62304 for medical device software, as well as customers' compliance departments, therefore increasingly expect IT security management processes and sophisticated risk evaluation.

Evaluation of CVE relevance by experts

Known weaknesses and vulnerabilities are collected worldwide as Common Vulnerabilities and Exposures (CVE) and are the starting point for risk assessment. The aim is to identify product-relevant security findings as early as possible and to check whether and when they can or should be addressed in the production system by means of an update.

The emlix CVE security monitoring includes the following services:

  • Analysis of the software components included in the product
  • Evaluation of the usage and operations context and the risk structure
  • Database aggregation of information and monitoring
  • Analysis and evaluation of the availability of updates
  • Regular creation of a product-specific security report
  • Context-specific evaluation by our experts
  • Evaluation of the risks and recommendations together with the customer
  • Planning and release of security updates
  • Optional: use of security patches (security patch management)

The emlix CVE security monitoring therefore continually checks whether the open source components in devices, machines and plant are up to date. This is the prerequisite for maintaining a defined cyber security status and at the same time enables economical embedded security life cycle management.

Security audit

The emlix security audit for Linux and open-source-based products serves as a product-specific status assessment and includes, among others, the following services:

  • Joint definition of the analysis focus
  • Requirements and functions of the device under construction
  • Security analysis of the device under construction
  • Analysis of scenarios for attacks on the product
  • Selection and evaluation of protection measures
  • Requirements on the maintenance of the system / security monitoring
  • Evaluation of possible project risks
  • Formulation of the key points of the realization strategy

The technical audit is oriented toward the benchmark of industrial best practices and basic protection for the design, development, test, operation and maintenance of embedded Linux board support packages (BSP). It is performed by manual inspection and with common analysis tools.

The results of the review and specific recommendations for action are compiled in a detailed written report with comments that form a basis for decision making.

Further information

Feel free to contact us. In an initial conversation we can establish how we can support you in a way that is adapted to your needs.

Your contact partner

Our experts at the emlix solutions team
Phone +49 551 304460
solutions@emlix.com