Known weaknesses and vulnerabilities are collected worldwide as common vulnerabilities and exposures (CVE) and are the starting point for risk assessment. The aim is to identify product-relevant security findings as early as possible and to check whether and when they can or should be addressed in the productive system by means of an update.
The emlix CVE security monitoring includes the following services:
- Analysis of the software components included in the product
- Evaluation of the usage and operations context and the risk structure
- Database aggregation of information and monitoring
- Analysis and evaluation of the availability of updates
- Regular creation of a product-specific security report
- Context-specific evaluation by our experts
- Evaluation of the risks and recommendations together with the customer
- Planning and release of security updates
- Optional: use of security patches (security patch management)
The emlix CVE security monitoring therefore serves to perform continual checking of the open source components in devices, machines and plant to see if they are up-to-date. This is the pre-requirement for maintaining a defined cyber security status and at the same time enables economical embedded security life cycle management.