Lifecycle Security for Legacy Linux Platforms

KEEPING THE FOCUS ON INNOVATION

It’s a common challenge for network equipment companies: The priority is creating breakthrough innovations, not supporting and maintaining legacy software on deployed equipment. But the unfortunate consequence, all too often, is a buildup of technical debt, higher security risks, and unstable software platforms.

In the case of one long-term Wind River^® customer, a network equipment and solutions provider known globally for its advances in automated, cloud-accessible networks, the laser focus on innovation meant routine maintenance of its Yocto Project Linux platform took a back seat. With service level agreements in place with the end customer, the development team realized late in the game that it couldn’t deploy new software until all critical security risks in the OS were found and fixed.

The solution: Wind River Studio Linux Services portfolio, which includes the lifecycle security service. Using the carefully curated CVE scanner, Wind River experts identified more than 1,500 CVEs on the customer’s legacy Linux platform, of which more than 80 were critical.

The Wind River team analyzed the true impact of the CVEs and collaborated with the company’s engineers to prioritize the vulnerabilities needing immediate attention. In addition, Wind River is providing ongoing security management and implementing quality checks and testing on the customer’s hardware, with nightly builds to ensure ongoing, high-quality fixes for its OS platform and BSPs. The Studio Linux Services team also provided online release dashboards and reports to track fixes and progress, with release notes and artifacts to capture the CVEs and defects fixed in a release.

The net result: The customer no longer needs to worry about its base Linux platform getting in the way of deploying new services. With reliable and timely security fixes and ongoing, comprehensive testing performed by Wind River experts, the company can focus on its strength: creating new innovations in middleware, applications, and devices. And it can accelerate time-to-market for new offerings that excite customers and drive higher revenue.

Along the way, the company is saving a huge amount of time and money. According to the Linux Foundation, the average “request to fix” time for Linux CVEs is 100 days. With Wind River, finding and fixing the CVEs was much faster and more cost-efficient than doing it internally. Moreover, the Wind River fixes are already validated on multiple platforms, translating to faster deployments, which helps avoid missed SLAs and penalties.

Simply put, Studio Linux Services are a faster, smarter way to save resources and keep the focus on innovation, not CVEs.

Try our security scanning service for free at: www.windriver.com/services/linux.