Outdated and thereby insecure software components in industrial products or critical infrastructure are one of the greatest risk factors for cyber attacks. Norms such as IEC 62304 for medical device software as well as the compliance departments of customers therefore increasingly expect IT security management processes and sophisticated risk evaluation.

Evaluation of CVE relevance by experts

Known weaknesses and vulnerabilities are collected worldwide as common vulnerabilities and exposures (CVE) and are the starting point for risk assessment. The aim is to identify product-relevant security findings as early as possible and to check whether and when they can or should be addressed in the productive system by means of an update.

The emlix CVE security monitoring includes the following services:

Analysis of the software components included in the product
Evaluation of the usage and operations context and the risk structure
Database aggregation of information and monitoring
Analysis and evaluation of the availability of updates
Regular creation of a product-specific security report
Context-specific evaluation by our experts
Evaluation of the risks and recommendations together with the customer
Planning and release of security updates
Optional: use of security patches (security patch management)

The emlix CVE security monitoring therefore serves to perform continual checking of the open source components in devices, machines and plant to see if they are up-to-date. This is the pre-requirement for maintaining a defined cyber security status and at the same time enables economical embedded security life cycle management.

Security audit

The emlix security audit for Linux and open-source-based products has the function of a product-specific status determination and includes, among others, the following services:

Joint definition of the analysis focus
Requirements and functions of the device under construction
Security analysis of the device under construction
Analysis of scenarios for attacks on the product
Selection and evaluation of protection measures
Requirements on the maintenance of the system / security monitoring
Evaluation of possible project risks
Formulation of the key points of the realization strategy

The technical audit is thereby orientated on the benchmark of industrial best-practices and basic protection for design, development, test, operation and maintenance of embedded Linux board support packages (BSP). It is performed with a manual inspection and the use of common analysis tools.

The results of the review and specific recommendations for action are compiled in a detailed written report with comments that form a basis for decision making.

Further information

Feel free to contact us. In an initial conversation we can establish how we can support you in a way which is adapted to your needs.

Your contact partner

Our experts at the emlix solutions team
Phone +49 551 304460
solutions@emlix.com

Name	Purpose	Lifetime	Type	Provider
CookieConsent	Saves your consent to using cookies.	1 year	HTML	Website
fe_typo_user	Assigns your browser to a session on the server.	session	HTTP	Website

Name	Purpose	Lifetime	Type	Provider
_pk_id	Used to store a few details about the user such as the unique visitor ID.	13 months	HTML	Matomo
_pk_ref	Used to store the attribution information, the referrer initially used to visit the website.	6 months	HTML	Matomo
_pk_ses	Short lived cookie used to temporarily store data for the visit.	30 minutes	HTML	Matomo
_pk_cvar	Short lived cookie used to temporarily store data for the visit.	30 minutes	HTML	Matomo
_pk_hsr	Short lived cookie used to temporarily store data for the visit.	30 minutes	HTML	Matomo