Case Study: Handling Security Vulnerabilities
The Problem
A leading European manufacturing company needed to maximize security in the TETRAPOL (Terrestrial Trunked Radio POLice) devices it designs, builds, and markets for secure land communications. On-ground communications are vital in ensuring that police officers, medical operators, firefighters, and operations professionals can function in a robust, reliable, and secure manner.
For years, the company used a Yocto Project Linux distribution and custom boards based on the NXP QorIQ processor for its TETRAPOL development work. However, due to the obsolescence of this specific Yocto Project version, the legacy Linux kernel presented challenges. The company did not have the resources or expertise to conduct the necessary and continuous internal CVE review, analysis, and remediation, and its goal was to focus instead on innovation around its TETRAPOL devices. It needed a new solution for handling security vulnerabilities.
Wind River Solution
The Wind River® Studio Security Lifecycle service, an integral part of the Studio Linux Services portfolio, provided a reliable and cost-efficient way to identify and fix CVEs in the company’s legacy Linux platform. The services included:
- Collaboration: An initial series of biweekly meetings was set with Wind River experts to collaborate on the company’s needs, requirements on each side, expected outcomes, and time frames.
- CVE portal: A dedicated CVE portal, based on the company’s specific configurations, was created to make it easier for staff to check for the latest CVEs, assess their potential impact, and, if necessary, request a fix from Wind River.
- Analysis: Rigorous analysis of the remediation for each requested fix ensured that implementation would create no unanticipated impacts.
- Implementation: Remediations were implemented.
- Regression testing: A nightly smoke test verified that the patch worked as intended.
Business Result
By offloading to Wind River experts the time-consuming, highly specialized task of maintaining security in its legacy Linux distribution, the company saved valuable staff time. It also gained confidence and peace of mind from the personalized, expert collaboration and support that Wind River provided. The solution further strengthened the company’s reputation for secure, trustworthy TETRAPOL devices across a growing customer base, which will lead to higher incremental revenue.
“Now we are focused on new possibilities rather than scrambling and deploying valuable engineers every time there is a security issue,” said a senior executive at the company. “That’s a boost to our morale, our ability to innovate, and our reputation in an industry where security is absolutely critical.”