Wind River Studio Linux Services: 
Lifecycle Performance Assurance

Wind River offers lifecycle management services for Linux platforms and board support packages for your embedded systems project.


As projects mature, it can become challenging to continuously invest in the resources needed to keep software up to date. Wind River® offers full lifecycle management of your Yocto Project–based embedded Linux platform.

Our team of experts can take on the ongoing responsibility of monitoring, mitigating, and managing common vulnerabilities exposures, license compliance, and software defects as they emerge. We provide the technical solutions and support you need to help you keep your software current, secure, and stable throughout the life of your device. We are committed to making our customers successful.

What We Deliver


We provide continuous and proactive monitoring of the health of your embedded Linux platform and BSP with timely alerts to new Common Vulnerabilities and Exposures (CVEs) as they emerge. We run your code through our professional grade scanner and compare it to our extensive database to accurately identify potential vulnerabilities.

  • On-demand scans of your Linux platform comprising your kernel, BSP, and shared and user libraries
  • Curated knowledge base of vulnerabilities and IP license compliance issues built from public sources such as NIST, the Yocto Project, and the MITRE database of CVEs
  • Deep analysis by Wind River engineers of the true impact on your platform
  • Detailed security report identifying all the CVEs that are open against your Linux platform


Scan your embedded Linux platform and BSP to provide a detailed report of all the licenses used in your platform.

  • Ability to scan for all licenses used in your platform and categorize based on their permissiveness, copyleft, compatibility, and transitive dependencies
  • Detailed report identifying all the licenses used in your Linux Platform
  • License remediation implementation services available to address license compliance issues


Work with our team to quickly identify and prioritize the vulnerabilities based on a common vulnerability threshold (CVSS), severity of impact, and difficulty of attack and avoid ability. We work with you to build release plans to address critical and prioritized CVEs and defects.

  • Detailed security report identifying CVEs open against your platform
  • Fixes for newly identified critical and high CVEs at a CVSSv3 threshold of 7 and above
  • Online support portal for customers to request fixes for non-critical CVEs (CVSSv3 < 7)
  • Request review by Wind River engineers, with timely response
  • Premium Support options for customers needing dedicated engineers well versed in their project


Our team of engineers performs a deep analysis to determine the impact of the CVE on your Linux platform. We work with you to prioritize remediation options and timing. We backport, validate, and verify community-based patches before we apply them to your code. If a community solution is unavailable, we work with your engineering team to architect a technical solution.

  • Fixes for critical and high CVEs at CVSSv3 threshold 7 and above
  • Collaboration and prioritization of medium and low CVEs
  • Emergency patches to fix critical CVEs
  • Quarterly patches to fix other prioritized CVEs
  • Remediation packages available to help catch up on CVE technical debt


Our team of skilled engineers provide technical fixes to defects. After remediation of the defect, we work with your team to revalidate the platform and assist with field updates.

  • Online portal for customers to submit defects
  • Collaborative prioritization of defects impacting your Linux platform and BSP
  • Emergency patches to fix your critical defects and quarterly patches to fix your prioritized defects


We ensure you have a high-quality and stable embedded Linux platform and BSP for your hardware. All remediation efforts enter the Wind River continuous integration (CI) pipeline for nightly, weekly, and monthly build and test processes. After remediation, testing, and release, Wind River will generate a new software bill of materials and documentation that can be used for project verification.

  • All modifications to your platform through patches or custom engineering validated and verified before redeployment
  • Hardware set up in our board farm and used by our CI pipeline to continuously test modifications to the platform
  • Nightly builds and test process leveraging the Wind River CI pipeline to ensure high quality
  • Emergency patches to fix your critical issues and quarterly patches to fix other issues


A new software bill of materials is generated after every code modification.

  • Online release dashboards and reports to track fixes and progress
  • Release notes to capture the CVEs and defects fixed in a release


Wind River can be your partner and voice for the Yocto Project.
We can work on your behalf to upstream and contribute any fixes or engineered resolutions back to the community.


Wind River has a global team of experts to support your Linux platform. Additional support options are available.
» See Awards and Industry Recognition for Wind River

  • Online support portal to submit tickets during the remediation period
  • Review by Wind River engineers to ensure timely response
  • Premium Support options for customers needing dedicated engineers well versed in their project


  • North America
  • Ottawa, Canada
  • Dublin, OH
  • Alameda, CA
  • Detroit, MI
  • Costa Rica
  • South America
  • Cordoba, Argentina
  • (C/E Services Only)
  • Europe
  • Stockholm, Sweden
  • Paris, France
  • Munich, Germany
  • Galati, Romania
  • China
  • Chengdu, China
  • Beijing, China
  • Korea
  • Seoul, Korea
  • Japan
  • Tokyo, Japan


Wind River is a founding member of the Linux Foundation’s Yocto Project. We are one of the top contributors and maintainers of several key components.
» Learn about the Yocto Project

  • Leading commercial contributor with commits to the Yocto Project for the last five years
  • Recent contribution of a security response tool
  • Proven project governance and advocacy within the community


From Prototype to Post-Deployment: Linux Decision Points

In the embedded industry, the lifecycle of a Linux product can last 5, 10, or even 15 years or more, so the decisions you make now and along the way will impact speed, quality, and resources for years to come. They can also create technical debt and directly impact future scalability, profitability, and the overall success of your project.

≫ Read More