Outdated and therefore insecure software components in industrial products or critical infrastructure are one of the greatest risk factors for cyber attacks. Standards such as IEC 62304 for medical device software, as well as customers' compliance departments, therefore increasingly expect IT security management processes and sophisticated risk evaluation.
Evaluation of CVE relevance by experts
Known weaknesses and vulnerabilities are collected worldwide as Common Vulnerabilities and Exposures (CVE) and are the starting point for risk assessment. The aim is to identify product-relevant security findings as early as possible and to check whether and when they can or should be addressed in the production system by means of an update.
The emlix CVE security monitoring includes the following services:
- Analysis of the software components included in the product
- Evaluation of the usage and operations context and the risk structure
- Database aggregation of information and monitoring
- Analysis and evaluation of the availability of updates
- Regular creation of a product-specific security report
- Context-specific evaluation by our experts
- Evaluation of the risks and recommendations together with the customer
- Planning and release of security updates
- Optional: use of security patches (security patch management)
The emlix CVE security monitoring therefore continually checks whether the open source components in devices, machines and plants are up to date. This is the prerequisite for maintaining a defined cyber security status and at the same time enables economical embedded security life cycle management.
Security audit
The emlix security audit for Linux and open-source-based products serves as a product-specific status assessment and includes, among others, the following services:
The technical audit is oriented toward the benchmark of industrial best practices and basic protection for the design, development, test, operation and maintenance of embedded Linux board support packages (BSP). It is performed by manual inspection and with common analysis tools.
The results of the review and specific recommendations for action are compiled in a detailed, annotated written report that forms a basis for decision making.
Further information
Feel free to contact us. In an initial conversation, we can establish how we can support you in a way that is adapted to your needs.
Your contact partner
Our experts at the emlix solutions team
Phone +49 551 304460
solutions@emlix.com