Wind River introduces Security Scanning Service for Linux CVEs

Wind River has introduced Wind River Studio Linux Security Scanning Service that provides professional-grade scanning to identify Common Vulnerabilities and Exposures (CVEs).

Tuned to the unique needs of embedded Linux development, it also indicates whether a remediation solution is already available for a given CVE, including fixes and patches available from Wind River.

“In a highly connected and complex computing landscape where security exploitations are becoming more prevalent, the effective and proactive monitoring and management of CVEs is a top priority. In the rush to add new features, get to market faster, and achieve platform stability, CVEs often go inadequately addressed in the maintenance lifecycle,” said Amit Ronen, chief customer officer, Wind River.

“Leveraging our many years of Linux experience and expertise, Studio Linux Security Scanning Service helps developers quickly identify high-risk vulnerabilities, prioritize remediation efforts, and enhance the security of their Linux-based devices and systems,” Ronen continued.

Once a developer runs a software bill of materials (SBOM) or manifest in the scanner, it analyzes specific platform layers, including kernel, user space, libraries, and other system components, and compares it to an extensive knowledge base to identify critical vulnerabilities.

The scanner can also display licenses leveraged within the platform’s packages to assist artifact generation and compliance requirements. The resulting list of identified vulnerabilities is ranked according to the Common Vulnerability Scoring System (CVSS v3).

The service leverages a knowledge base that has been developed from a curated collection of data sources, including the Yocto Project, NIST, and the Wind River database of CVEs.