Wind River Studio Linux Services: 
Lifecycle Performance Assurance

What We Deliver

CONTINUOUS SECURITY MONITORING

We provide continuous and proactive monitoring of the health of your embedded Linux platform and BSP with timely alerts to new Common Vulnerabilities and Exposures (CVEs) as they emerge. We run your code through our professional grade scanner and compare it to our extensive database to accurately identify potential vulnerabilities.

• On-demand scans of your Linux platform comprising your kernel, BSP, and shared and user libraries
• Curated knowledge base of vulnerabilities and IP license compliance issues built from public sources such as NIST, the Yocto Project, and the MITRE database of CVEs
• Deep analysis by Wind River engineers of the true impact on your platform
• Detailed security report identifying all the CVEs that are open against your Linux platform

LICENSE USE IDENTIFICATION

Scan your embedded Linux platform and BSP to provide a detailed report of all the licenses used in your platform.

• Ability to scan for all licenses used in your platform and categorize based on their permissiveness, copyleft, compatibility, and transitive dependencies
• Detailed report identifying all the licenses used in your Linux Platform
• License remediation implementation services available to address license compliance issues

COLLABORATIVE TRIAGE AND ASSESSMENT

Work with our team to quickly identify and prioritize the vulnerabilities based on a common vulnerability threshold (CVSS), severity of impact, and difficulty of attack and avoid ability. We work with you to build release plans to address critical and prioritized CVEs and defects.

• Detailed security report identifying CVEs open against your platform
• Fixes for newly identified critical and high CVEs at a CVSSv3 threshold of 7 and above
• Online support portal for customers to request fixes for non-critical CVEs (CVSSv3 < 7)
• Request review by Wind River engineers, with timely response
• Premium Support options for customers needing dedicated engineers well versed in their project

CVE MITIGATION

Our team of engineers performs a deep analysis to determine the impact of the CVE on your Linux platform. We work with you to prioritize remediation options and timing. We backport, validate, and verify community-based patches before we apply them to your code. If a community solution is unavailable, we work with your engineering team to architect a technical solution.

• Fixes for critical and high CVEs at CVSSv3 threshold 7 and above
• Collaboration and prioritization of medium and low CVEs
• Emergency patches to fix critical CVEs
• Quarterly patches to fix other prioritized CVEs
• Remediation packages available to help catch up on CVE technical debt

DEFECT REMEDIATION

Our team of skilled engineers provide technical fixes to defects. After remediation of the defect, we work with your team to revalidate the platform and assist with field updates.

• Online portal for customers to submit defects
• Collaborative prioritization of defects impacting your Linux platform and BSP
• Emergency patches to fix your critical defects and quarterly patches to fix your prioritized defects

QUALITY WITH FOCUS ON YOUR HARDWARE

We ensure you have a high-quality and stable embedded Linux platform and BSP for your hardware. All remediation efforts enter the Wind River continuous integration (CI) pipeline for nightly, weekly, and monthly build and test processes. After remediation, testing, and release, Wind River will generate a new software bill of materials and documentation that can be used for project verification.

• All modifications to your platform through patches or custom engineering validated and verified before redeployment
• Hardware set up in our board farm and used by our CI pipeline to continuously test modifications to the platform
• Nightly builds and test process leveraging the Wind River CI pipeline to ensure high quality
• Emergency patches to fix your critical issues and quarterly patches to fix other issues

SOFTWARE BILL OF MATERIALS & RELEASE DOCUMENTATION

A new software bill of materials is generated after every code modification.

• Online release dashboards and reports to track fixes and progress
• Release notes to capture the CVEs and defects fixed in a release

COMMUNITY UPSTREAM

Wind River can be your partner and voice for the Yocto Project.
We can work on your behalf to upstream and contribute any fixes or engineered resolutions back to the community.

GLOBAL SUPPORT

Wind River has a global team of experts to support your Linux platform. Additional support options are available.
» See Awards and Industry Recognition for Wind River

• Online support portal to submit tickets during the remediation period
• Review by Wind River engineers to ensure timely response
• Premium Support options for customers needing dedicated engineers well versed in their project

GLOBAL SUPPORT CENTERS

OPEN SOURCE LEADERSHIP AND ENGINEERING EXPERTISE

Wind River is a founding member of the Linux Foundation’s Yocto Project. We are one of the top contributors and maintainers of several key components.
» Learn about the Yocto Project

• Leading commercial contributor with commits to the Yocto Project for the last five years
• Recent contribution of a security response tool
• Proven project governance and advocacy within the community