Wind River Studio Linux Services: Lifecycle Performance Assurance

 

As projects mature, it can become challenging to continuously invest in the resources needed to keep software up to date. Wind River® offers full lifecycle management of your Yocto Project–based embedded Linux platform.

Our team of experts can take on the ongoing responsibility of monitoring, mitigating, and managing Common Vulnerabilities and Exposures (CVEs), license compliance, and software defects as they emerge. We provide the technical solutions and support you need to keep your software current, secure, and stable throughout the life of your device.

CONTINUOUS SECURITY MONITORING

We provide continuous and proactive monitoring of the health of your embedded Linux platform and BSP with timely alerts to new CVEs as they emerge. We run your code through our professional grade scanner and compare it to our extensive database to accurately identify potential vulnerabilities.

  • On-demand scans of your Linux platform comprising your kernel, BSP, and shared and user libraries
  • Curated knowledge base of vulnerabilities and IP license compliance issues built from public sources such as NIST, the Yocto Project, and the MITRE database of CVEs
  • Deep analysis by Wind River engineers of the true impact on your platform

LICENSE USE IDENTIFICATION

Scan your embedded Linux platform and BSP to provide a detailed report of all the licenses used in your platform.

  • Ability to scan for all licenses used in your platform and categorize based on their permissiveness, copyleft, compatibility, and transitive dependencies
  • License remediation implementation services available to address license compliance issues

COLLABORATIVE TRIAGE AND ASSESSMENT

Work with our team to quickly identify and prioritize each CVE based on a common vulnerability threshold (CVSS), severity of impact, and difficulty of attack and avoidability. We work with you to build release plans to address critical and prioritized CVEs and defects.

  • Detailed security report identifying CVEs open against your platform
  • Fixes for newly identified critical and high CVEs at a CVSSv3 threshold of 7 and above
  • Online support portal for customers to request fixes for non-critical CVEs (CVSSv3 < 7)

CVE MITIGATION

Our team of engineers performs a deep analysis to determine the impact of each CVE on your Linux platform. We work with you to prioritize remediation options and timing. We backport, validate, and verify community-based patches before we apply them to your code. If a community solution is unavailable, we work with your engineering team to architect a technical solution.

  • Fixes for critical and high CVEs at CVSSv3 threshold 7 and above
  • Collaboration and prioritization of medium and low CVEs
  • Emergency patches to fix critical CVEs and quarterly patches to fix other prioritized CVEs
  • Remediation packages available to help catch up on CVE technical debt

DEFECT REMEDIATION

Our team of skilled engineers provide technical fixes to defects. After remediation of the defect, we work with your team to revalidate the platform and assist with field updates.

  • Online portal for customers to submit defects
  • Collaborative prioritization of defects impacting your Linux platform and BSP
  • Emergency patches to fix your critical defects and quarterly patches to fix your prioritized defects

QUALITY WITH FOCUS ON YOUR HARDWARE

We ensure you have a high-quality and stable embedded Linux platform and BSP for your hardware. All remediation efforts enter the Wind River continuous integration (CI) pipeline for nightly, weekly, and monthly build and test processes. After remediation, testing, and release, Wind River will generate a new software bill of materials and documentation that can be used for project verification.

  • All modifications to your platform through patches or custom engineering validated and verified before redeployment
  • Hardware set up in our board farm and used by our CI pipeline to continuously test modifications to the platform
  • Nightly builds and test process leveraging the Wind River CI pipeline to ensure high quality
  • Upstreaming of engineered resolutions back to the Yocto Project community

GLOBAL SUPPORT

Wind River has a global team of experts to support your Linux platform. Additional support options are available.

  • Online support portal to submit tickets during the remediation period
  • Review by Wind River engineers to ensure timely response
  • Premium Support options for customers needing dedicated engineers well versed in their project

FOR MORE INFORMATION

Contact your local account team or salesinquiry@windriver.com.

Download PDF
Return to Resource Center